Security Policy

Guidelines for responsible security research and vulnerability reporting

Reporting Security Vulnerabilities

We take security seriously at novo.sh. If you believe you have found a security vulnerability, please report it to us responsibly by following the guidelines below:

Do not exploit the vulnerability beyond what is necessary to demonstrate it.
Provide a detailed report with steps to reproduce the issue, potential impact, and any relevant information.
Allow us a reasonable amount of time to address the issue before disclosing it publicly.

Scope

In Scope:

All public-facing services and applications
API endpoints

Out of Scope:

Social engineering attacks
Physical security vulnerabilities

Acknowledgments

We appreciate the efforts of security researchers and will acknowledge contributions. We may offer rewards for significant findings.

Legal

By reporting a security vulnerability, you agree to comply with all applicable laws. You must not engage in any activity that could harm our services or data.

Report a Vulnerability