Vulnerability Disclosure Policy

Introduction

Kriya Materials takes the security of our systems seriously. We value the work of security researchers who help us identify and address vulnerabilities. This policy describes how to report vulnerabilities to us responsibly.

Scope

This policy applies to:

• kriya-materials.com and all subdomains
• Our web applications and APIs

Reporting

If you believe you have found a security vulnerability, please report it to:

security@kriya-materials.com

Please include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested remediation

Our commitment

• We will acknowledge receipt within 3 business days
• We will provide an initial assessment within 10 business days
• We will not pursue legal action against researchers who follow this policy
• We will keep you informed of our progress in addressing the vulnerability

Guidelines

We ask that you:

• Do not access, modify, or delete data belonging to other users
• Do not perform denial-of-service attacks
• Do not publicly disclose the vulnerability before we have addressed it
• Provide sufficient detail for us to reproduce and verify the vulnerability