Security Disclosure and Vulnerability Reporting
Last Updated: May 19, 2026
BassemLabs welcomes responsible disclosure of potential security vulnerabilities.
How to Report a Security Issue
Email: [email protected]
Please include:
- A clear description of the issue.
- Affected URL, endpoint, or component.
- Reproduction steps and expected vs actual behavior.
- Proof-of-concept details when available.
Our Disclosure Process
- We acknowledge receipt as quickly as practical.
- We triage and assess severity based on customer impact.
- We prioritize remediation according to severity.
- We coordinate follow-up and closure with the reporter when possible.
Safe-Harbor Expectations
Please:
- Avoid privacy violations, service disruption, and data destruction.
- Do not access or modify data beyond what is required to demonstrate the issue.
- Keep findings confidential until we confirm remediation or agree on disclosure timing.
Current Security Program Practices
BassemLabs maintains:
- Internal vulnerability assessment activities.
- Dependency and package security validation.
- A zero-trust-oriented access model across services.
- Monitoring and alerting to detect reliability and security issues quickly.
At this time, BassemLabs does not operate a public bug bounty program.
Service Status
Public status and incident history: