Legal
Responsible Disclosure
How to report security vulnerabilities in SipRadar products and infrastructure.
Last updated: 15 July 2026
Our commitment
SipRadar takes the security of our honeypot network, API platform, and customer data seriously. We welcome reports from security researchers who help us identify vulnerabilities responsibly.
How to report
Send vulnerability reports to security@sipradar.net with sufficient detail to reproduce the issue. Encrypt sensitive findings with our PGP key if available (on request).
Include: description, impact assessment, steps to reproduce, affected URLs or endpoints, and your contact information.
In scope
The following are generally in scope:
- sipradar.net and official SipRadar subdomains.
- REST API endpoints (api.sipradar.net).
- Customer dashboard and authentication flows.
- Honeypot ingestion pipeline and threat graph (if access is obtained without harming production).
Out of scope
The following are out of scope unless they demonstrate clear, exploitable impact on SipRadar or our customers:
- Denial-of-service attacks against production infrastructure.
- Social engineering, phishing, or physical attacks.
- Issues in third-party services not operated by SipRadar.
- Scanning or testing customer PBX endpoints without authorization.
- Missing security headers without demonstrated exploit.
- Spam or content injection in community channels (report via support instead).
Safe harbor
If you act in good faith, avoid privacy violations and service disruption, and give us reasonable time to remediate before public disclosure, we will not pursue legal action for your research activities.
Do not access, modify, or delete data belonging to other customers. Use test accounts you control where possible.
Response timeline
We aim to acknowledge reports within 24 hours and provide an initial assessment within 5 business days. Complex issues may require additional time; we will keep you informed of progress.
Coordinated disclosure is preferred. We ask for 90 days before public disclosure unless we agree otherwise or the issue is already public.
Recognition
With your permission, we may credit researchers in a security acknowledgments page. We do not currently offer a paid bug bounty program but may provide swag or account credits at our discretion for significant findings.
Contact
Security reports: security@sipradar.net
General support: support@sipradar.net
For urgent active exploitation affecting customer data, mark your email subject as [URGENT].
This document is provided for informational purposes and does not constitute legal advice. For legal inquiries, contact legal@sipradar.net.
Related policies