Security Vulnerability Disclosure Policy
Volt Europa takes security seriously. We appreciate the efforts of security researchers who help us maintain the security of our systems and protect our users.
Coordinated Vulnerability Disclosure
We follow the principles of coordinated vulnerability disclosure. Please follow these guidelines when reporting security vulnerabilities:
- Provide detailed information: Include as much detail as possible about the vulnerability to help us understand, reproduce, and properly fix the issue. This includes:
  - Clear description of the vulnerability
  - Steps to reproduce the issue
  - Proof-of-concept (if applicable)
  - Potential impact assessment
- Include your contact information: Please provide your contact details so we can reach you if we need additional information or want to provide updates on the fix.
- Maintain confidentiality: Please do not publicly disclose the vulnerability until we have addressed it and agreed on an appropriate disclosure timeline. Additionally:
  - Do not explore systems beyond what is necessary to demonstrate the issue
  - Destroy any data you may have inadvertently accessed
  - Do not exploit or misuse the vulnerability
- Publication and attribution: If you plan to publish a writeup or create educational content about the vulnerability, please contact us first to coordinate timing and review the content before publication.
Important Notice
Legal Protection: We will not pursue legal action against researchers who follow this policy and act in good faith. However, misuse or exploitation of vulnerabilities may result in legal consequences.
Out of Scope
The following issues are generally considered out of scope:
- Vulnerabilities in third-party applications not directly controlled by Volt Europa
- Social engineering attacks
- Physical security issues
- Denial of service attacks
- Issues requiring physical access to user devices
Recognition
We appreciate security researchers' contributions and may provide recognition for valid vulnerability reports, subject to the researcher's preferences and our internal policies.