A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: security@xeris.ai
Expires: 2025-12-31T23:59:59.000Z
Encryption: https://xeris.ai/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://xeris.ai/.well-known/security.txt
Policy: https://xeris.ai/security-policy
Acknowledgments: https://xeris.ai/security-acknowledgments

# Xeris Security Contact Information
# 
# If you believe you have found a security vulnerability in any Xeris-owned
# repository, please report it to us through coordinated disclosure.
#
# Please do NOT report security vulnerabilities through public GitHub issues, 
# discussions, or pull requests.
#
# Instead, please send an email to security@xeris.ai with detailed information
# about the vulnerability you've discovered.
#
# Please include as much of the following information as possible:
# - Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
# - Full paths of source file(s) related to the manifestation of the issue
# - The location of the affected source code (tag/branch/commit or direct URL)
# - Any special configuration required to reproduce the issue
# - Step-by-step instructions to reproduce the issue
# - Proof-of-concept or exploit code (if possible)
# - Impact of the issue, including how an attacker might exploit it
#
# We take all security reports seriously and will respond as quickly as possible.