How to contact us about a security issue

If you have discovered a security issue pertaining to software that Neocrym has written or deployed, we ask that you contact us by sending an email to security@neocrym.com.

How NOT to disclose a security issue

Please do not publicly disclose security issues pertaining to Neocrym's technology or infrastructure before you have emailed security@neocrym.com and have received a response from us.

When using a Neocrym product--even for the purpose of security research--you are always bound by the product's Terms of Service (ToS). You are also always bound to the terms of Neocrym's Privacy Policy.

If you offer a patch for a security vulnerability, you must agree to assign copyright to Neocrym. To merge a pull request into one of our open source repositories, you will have to agree to Neocrym's Contributor Licensing Agreement (CLA).

And when communicating with other members of a Neocrym-run community--such as a mailing list or GitHub Issues page--you are expected to follow the Neocrym Code of Conduct (CoC).

Neocrym's security program

Neocrym does not have a currently-active bug bounty for security issues. We currently do not guarantee payment for independent researchers that discover issues before contacting us first.

Some infrastructure that we rely upon actually belongs to our vendors. In such cases, you would be bound by their security policies in addition to ours. Please contact us if you have any confusion about this matter.

We do not permit you to run automated security scanners or tools that harm the quality or availability of the services that Neocrym offers. If you would like to use such tools against our infrastructure, please contact us first.

If you are interested in doing security work for Neocrym, feel free to contact us beforehand.