Devancore takes the security of our systems and our customers' data seriously. This page provides our security contact, responsible disclosure policy, and scope for vulnerability reports and vendor security questionnaires.

Security Contact

For vulnerability reports, security questions, or vendor security questionnaire requests, please contact us at security@devancore.com. We use this address for security-related communications only and will respond as described in our responsible disclosure policy below.

Responsible Disclosure Policy

We ask security researchers to report vulnerabilities to us privately so we can address them before any public disclosure. We commit to acknowledging your report within two business days. We will not pursue legal action against researchers who act in good faith and follow this policy. We aim to resolve critical issues within 30 days and will work with you to agree on timing for public acknowledgment where appropriate.

Scope

In-scope systems for vulnerability reporting and security assessment include:

The Devancore marketing site (devancore.com)
The Devancore platform (app.devancore.com)

Out of Scope

The following are out of scope for our responsible disclosure program:

Social engineering (e.g., phishing, pretexting)
Physical attacks against facilities or personnel
Denial of service (DoS or DDoS)

What to Include in a Report

To help us triage and fix issues quickly, please include:

A description of the vulnerability
Steps to reproduce the issue
Potential impact of the vulnerability

Send your report to security@devancore.com. We appreciate your efforts to help keep Devancore and our users secure.

For general inquiries or commercial contact, please use solutions@devancore.com or our contact form.