Report a Vulnerability
We take security seriously. If you discover a vulnerability in NetRecon, please report it responsibly.
How to Report
Send your report to security@netreconapp.com. Please include the following:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact or severity
- Any relevant screenshots or proof-of-concept code
Our Commitments
- We will acknowledge your report within 48 hours
- We will provide an initial assessment within 5 business days
- Critical vulnerabilities will be fixed within 30 days
- We will credit researchers in our security advisories, if desired
Scope
This policy covers all NetRecon products, including the cloud dashboard, API gateway, probe firmware, mobile applications, and the NetRecon OS image. Third-party services (Cloudflare, Paddle) are out of scope — please report issues with those services directly to their respective security teams.
Responsible Disclosure
Please do not publicly disclose the vulnerability before a fix has been released. We ask that you give us a reasonable timeframe to investigate and address the issue before any public disclosure. We will coordinate with you on disclosure timing.
Bug Bounty
We do not currently operate a formal bug bounty program. However, we deeply appreciate the efforts of security researchers and will acknowledge contributions publicly (with your permission) in our release notes.