Security Disclosure
At Mr.SIP Pro, we take the security of our users and systems seriously. We welcome responsible disclosure of security issues and appreciate the efforts of the security research community in helping us maintain a secure ecosystem.
1. Reporting a Vulnerability
If you discover a vulnerability in Mr.SIP Pro, our website, or associated infrastructure, please contact us immediately at security@vulnhero.com.
2. Include the Following
Please include as much detail as possible, such as:
- Product version and environment
- Detailed steps to reproduce the issue
- Proof-of-Concept (PoC), if applicable
- Expected vs. actual behavior
3. Response Timeline
We aim to acknowledge reports within 3 business days and provide regular status updates as we investigate and resolve the issue.
4. Scope
Vulnerabilities affecting the following are in scope:
- Mr.SIP Pro application (all supported OS versions)
- VulnHero licensing and update mechanisms
- mrsippro.com and vulnhero.com domains
5. Out-of-Scope
Please avoid:
- Social engineering or phishing attacks
- Denial-of-Service tests without written permission
- Attacks against non-production environments or demo instances
6. Recognition
We are happy to publicly acknowledge valid security reports (with permission) and may offer rewards or early access privileges in some cases.
7. Contact
Security-related inquiries can be directed to security@vulnhero.com.