Security Vulnerability

We take security seriously. If you discover a vulnerability in Riskrunner, we encourage you to report it responsibly.


How to Report a Vulnerability

Please email your findings to info@resilium.group.

Include the following details:

  • A clear and concise description of the vulnerability

  • Steps to reproduce the issue

  • Any proof-of-concept code, if applicable

  • Your contact information (optional, if you’d like updates)


Scope

We welcome reports related to:

  • The app’s core features

  • The API

  • Authentication or authorization flaws

  • Injection vulnerabilities (e.g., XSS, SQLi)

  • The documentation website (if it exposes sensitive data or could be exploited)

Out of scope:

  • Reports based on outdated browsers or platforms

  • Social engineering attacks

  • Denial of Service (DoS) or brute-force attempts without proof of impact


Responsible Disclosure Policy

We kindly ask that you:

  • Avoid testing on production systems in ways that could impact real users

  • Give us a reasonable amount of time to address the issue before disclosing it publicly

  • Avoid accessing, modifying, or deleting data you don’t own

Thank you for helping us keep our users safe!