Reporting a Security Vulnerability
If you find a security vulnerability in any VeryAI product or service please report it responsibly. Don't create a public GitHub issue or share it publicly before giving us a chance to look into it.
How to Report
Email [email protected] with:
What you found
Steps to reproduce it
How you think it could be exploited
Any screenshots, logs, or proof of concept
Please give us reasonable time to investigate and fix the issue before going public.
What's Covered
very.org and all subdomains
VeryAI mobile apps
Smart contracts and on-chain programs
APIs and backend services
How Long Will It Take?
We'll acknowledge your report within 48 hours
Initial assessment within 5 business days
Critical issues resolved within 30 days
Safe Harbour
We will not pursue legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure. We ask that you give us reasonable time to respond before going public.
Bug Bounty
We don't have a formal bug bounty program right now but we may offer rewards for significant findings on a case by case basis. We appreciate researchers who help keep VeryAI secure.
Out of Scope
Social engineering against VeryAI staff
Denial of service attacks
Spam or phishing
Issues in third-party tools we use
š Full security policy: very.org/.well-known/security.txt
š§ [email protected]
Related: How to Get Help