Contact: mailto:security@nanotesting.com
Contact: mailto:ratomir@ratomir.com
Expires: 2027-05-14T00:00:00Z
Preferred-Languages: en, sr
Canonical: https://www.nanotesting.com/.well-known/security.txt
Policy: https://www.nanotesting.com/legal/bug-bounty
Acknowledgments: https://www.nanotesting.com/legal/bug-bounty

# We run automated pentests for a living, so we welcome reports the
# same way our customers send them to their vendors:
#
#   1. Email security@nanotesting.com with a steps-to-reproduce.
#   2. Do NOT run active payloads against our production scanner
#      pool; assume the worker pool is in scope of the rules
#      that apply to our customers' targets, not the inverse.
#   3. Give us a reasonable window before public disclosure - 30
#      days for High / Critical, 90 days for everything else.
#
# We do not currently run a paid bug bounty, but every triaged
# report is acknowledged in writing and we are happy to coordinate
# CVE assignment when the issue warrants it.