Security Contact

Security contact and vulnerability disclosure.

If you believe you have found a security issue affecting SupraOS or supraos.co, contact us responsibly.

Contact

Current security contact: info@supraos.co
If a dedicated security inbox is established, this page will be updated.

What to include

  • A clear description of the issue.
  • Steps to reproduce.
  • Affected URL, endpoint, or asset.
  • Potential impact.
  • Screenshots or logs where safe.
  • Your contact information.

Responsible disclosure expectations

  • Do not access, modify, delete, or exfiltrate data that does not belong to you.
  • Do not perform denial-of-service testing.
  • Do not attempt social engineering.
  • Do not access production systems beyond what is necessary to demonstrate the issue.
  • Do not publicly disclose the issue before SupraOS has had a reasonable opportunity to investigate.

Response expectation

SupraOS will aim to acknowledge credible reports and triage severity. Response timelines may vary by issue type, current stage, and capacity.

Need deeper diligence?

Qualified evaluators can request security review materials or start with a read-only Company Scan.

Request a Company ScanSecurity Review Quick Answers