Vulnerability Disclosure Policy
Actuator Security follows a structured, transparent, and vendor-neutral responsible disclosure process. Independent research defaults to Google's established 90-day Project Zero guidelines, while requested or sponsored engagements follow custom confidentiality terms as requested.
1. Independent Research
Project Zero Aligned
Independent research follows the industry-standard Google Project Zero 90-day disclosure policy. Vendors receive immediate notification and full technical details along with 90 days to remediate vulnerabilities before public disclosure.
This guideline is intended to provide a reasonable timeframe for remediation-but it is not a guarantee. Failure to respond or address findings in our security vulnerability reports could result in dissemination at our discretion.
This guideline is intended to provide a reasonable timeframe for remediation-but it is not a guarantee. Failure to respond or address findings in our security vulnerability reports could result in dissemination at our discretion.