Responsible disclosure
Security
Last updated: July 14, 2026
Ventryn welcomes good-faith reports for security issues affecting ventryn.com, Ventryn division subdomains, public Firebase Hosting surfaces, and other Ventryn-operated public web endpoints.
Contact
Email security reports to support@ventryn.com. Include the affected URL or resource, reproduction steps, expected impact, test account or request details if applicable, and any relevant screenshots or logs. Do not include secrets, personal data, or data copied from another person unless necessary to explain the issue.
Scope
In scope: Ventryn-owned public website and division web endpoints that are intended for public access. Out of scope: third-party services not controlled by Ventryn, social media platforms, DNS providers, physical security, employee devices, phishing, spam, denial-of-service testing, and issues requiring access to non-public systems.
Rules For Testing
Do not access, modify, delete, exfiltrate, or retain private data. Do not attempt persistence, privilege escalation beyond what is necessary to demonstrate impact, social engineering, destructive testing, automated high-volume scanning, denial-of-service behavior, credential stuffing, malware upload, or public disclosure before Ventryn has had a reasonable opportunity to investigate and remediate.
Response
Ventryn aims to acknowledge legitimate reports within a few business days. Resolution timing depends on severity, reproducibility, operational impact, and third-party provider involvement. Ventryn may decline reports that are speculative, not reproducible, already known, outside scope, or based only on missing optional headers or low-impact configuration preferences.
Limits
This page is not a bug bounty program and does not promise compensation, employment, public credit, or permission to test outside the scope above. Reports are handled as operational security intake. Nothing on this page waives Ventryn's legal rights or authorizes conduct that would otherwise be unlawful.