Security

CyberOrigen takes security seriously. This page outlines our security practices and how to report vulnerabilities.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

What to Include

Description of the vulnerability
Steps to reproduce
Potential impact
Any suggested fixes (optional)

Response Timeline

Action	Timeframe
Acknowledgment	Within 24 hours
Initial Assessment	Within 72 hours
Status Update	Weekly
Resolution Target	90 days (varies by severity)

Security Measures

Authentication

JWT Tokens: Short-lived access tokens (1 hour default)
MFA: Time-based one-time passwords (TOTP)
Password Policy: Minimum 12 characters, complexity requirements
Rate Limiting: Protection against brute force attacks

Encryption

At Rest: AES-256-GCM for sensitive database fields
In Transit: TLS 1.3 for all connections
Secrets: Managed secrets service for production credentials

Access Control

RBAC: Role-based access control
Multi-Tenancy: Organization-level data isolation
Audit Logging: All actions are logged

Infrastructure

Cloud: Production hosted on enterprise cloud infrastructure
Containers: Containerized deployment with minimal base images
Dependencies: Automated vulnerability scanning

Security Policy

For the complete security policy, contact security@cyberorigen.com.

Bug Bounty

We appreciate security researchers who help keep CyberOrigen safe.

What we offer:

Credit in our security advisories (with permission)
Written acknowledgment of valid reports

We do not currently offer monetary rewards.

Security Updates

Security patches are released as soon as they're ready:

Critical: Immediate release
High: Within 7 days
Medium: Within 30 days
Low: Next scheduled release

Security announcements will be posted to our documentation and communicated to affected customers directly.

Security ​

Reporting Vulnerabilities ​

What to Include ​

Response Timeline ​

Security Measures ​

Authentication ​

Encryption ​

Access Control ​

Infrastructure ​

Security Policy ​

Bug Bounty ​

Security Updates ​