Vulnerability Disclosure & Security Reporting
ApexIQ takes the security of our products, services, and systems seriously. If you believe you have found a security vulnerability in any ApexIQ system, we encourage you to report it responsibly so we can investigate and address it. This policy describes how to report vulnerabilities and what you can expect from us.
1. How to Report a Vulnerability
Include as much detail as possible:
A clear description of the vulnerability
Steps to reproduce (proof-of-concept where possible)
Affected product/service URL or endpoint
Any screenshots, logs, or example payloads
Your assessment of impact (e.g., data exposure, privilege escalation)
Your preferred contact details for follow-up
Note: If you are reporting a vulnerability affecting a specific customer environment, please indicate the customer name (if permitted) and environment details.
2. Safe Harbor (Good-Faith Security Research)
We support good-faith security research. The commitment below applies if you:
Make a good-faith effort to avoid privacy violations, data destruction, and service disruption
Only access data that is necessary to demonstrate the issue
Do not exploit the vulnerability beyond what is needed to confirm it
Do not use social engineering, phishing, or physical attacks against employees or customers
Report the vulnerability promptly and keep details confidential until we fix it
Safe Harbor Commitment: If you meet these conditions, ApexIQ will not pursue legal action against you for your research under this policy.
3. What We Ask You NOT To Do
To protect our customers and services, please do not:
Access, modify, or delete data that does not belong to you
Perform denial-of-service attacks or automated scanning that degrades service
Attempt to extort ApexIQ or customers, or demand payment to disclose vulnerabilities
Publicly disclose vulnerability details before a fix or mitigation is available
Test on customer systems without explicit authorization from that customer
4. Our Response Process
When we receive a report, we aim to:
Acknowledge your report within 3 business days
Investigate and validate the issue
Prioritize and remediate based on severity and impact
Notify affected customers as required by contract and applicable law
Coordinate disclosure timing with you when possible
Timing: Timelines may vary depending on complexity and impact, but we will communicate status updates.
5. Disclosure and Public Communication
We request that you keep vulnerability details confidential until we have implemented a fix or mitigation. Where appropriate, we may:
Publish security advisories or release notes
Acknowledge researchers who report valid vulnerabilities (with your permission)
6. Rewards / Bug Bounty
ApexIQ does not currently operate a public bug bounty program. However, we review all reports and may choose to recognize valid findings at our discretion.
7. Contact
Responsible Disclosure: ApexIQ is committed to working with security researchers to protect our customers. We value the contributions of the security community and are dedicated to addressing vulnerabilities in a timely and transparent manner. Thank you for helping us keep our systems secure.
