Vulnerability Disclosure

Coordinated disclosure that helps vendors fix issues responsibly.

FaultLabs may identify vulnerabilities through independent research, client-authorized assessments, or analysis of third-party technologies. Our goal is to reduce risk by notifying affected parties, supporting remediation, and publishing advisories only when appropriate.

Our disclosure principles

We approach disclosure with care for affected users, vendors, clients, and the broader security community.

Notify affected vendors

When a vulnerability affects a third-party product or service, FaultLabs will make reasonable efforts to notify the affected vendor before publishing technical details.

Protect client interests

Vulnerabilities identified during a paid client engagement belong to the client unless otherwise agreed. Disclosure decisions for client work are coordinated with the client first.

Reduce public risk

Advisories are written to help users understand impact and remediation options without unnecessarily increasing exposure before fixes are available.

Process

Each case is reviewed based on impact, exploitability, vendor responsiveness, active exploitation, and public availability of the vulnerability details.

  • Validate the vulnerability and document technical evidence.
  • Identify affected products, versions, vendors, and likely user impact.
  • Notify the vendor or appropriate coordination body when applicable.
  • Work toward a remediation timeline and advisory publication plan.
  • Publish limited or full details based on risk, fix availability, and public safety.

When we may publish

FaultLabs may publish an advisory when a fix is available, when a vendor is nonresponsive after reasonable outreach, when the issue is already being exploited, or when vulnerability details are already public.

Report a vulnerability

If you need to contact FaultLabs about a vulnerability, use the contact page for now. Add a dedicated security email later, such as security@faultlabs.com, for faster routing.

Contact FaultLabs