Security

Last updated: May 23, 2026

Devancore builds enterprise software for regulated operating environments. Security is part of the product design, customer onboarding, vendor review, and support process.

Security Contact

For vulnerability reports, security questions, or vendor security questionnaire requests, contact . For general business inquiries, use .

Security Practices

Our security program is designed around practical controls, including:

  • Access control and least-privilege permissions
  • Encryption in transit and encryption at rest where supported by the relevant system
  • Environment separation for production and non-production systems
  • Audit logging for security-relevant activity
  • Vendor review for material service providers
  • Secure development practices and code review
  • Incident triage and escalation procedures

Customer Environments

Security controls for a customer deployment may depend on the customer agreement, configuration, integrations, hosting model, permissions, and data flows. Devancore can support customer security review and vendor diligence under appropriate confidentiality terms.

Responsible Disclosure

We ask security researchers to report vulnerabilities privately so we can review and address them before public disclosure. We will acknowledge credible reports within two business days. We will not pursue legal action against researchers who act in good faith, avoid privacy violations, do not disrupt service, do not access or exfiltrate data beyond what is necessary to prove the issue, and follow this policy.

In Scope

The following systems are in scope for vulnerability reports:

  • devancore.com
  • Public Devancore web applications or APIs expressly identified by Devancore as in scope

Out of Scope

The following are out of scope:

  • Social engineering, phishing, or pretexting
  • Physical attacks against facilities, employees, vendors, or customers
  • Denial-of-service or resource-exhaustion testing
  • Spam, brute force, credential stuffing, or automated high-volume testing
  • Issues affecting third-party services outside Devancore control

What to Include

A useful report includes:

  • A clear description of the issue
  • Steps to reproduce
  • Potential impact
  • Relevant URLs, screenshots, logs, or proof-of-concept details
  • Your preferred contact information

No Guarantee

No system is perfectly secure. This page describes our security contact and general practices. It does not create a warranty, certification, audit opinion, regulatory approval, or guarantee that any system is free from risk.