Reportable Vulnerabilities
Authentication flaws, exposed sensitive data, injection risks, authorization issues, configuration errors, and infrastructure weaknesses.
Security
Responsible Security Disclosure
A responsible disclosure pathway for vulnerabilities, website risks, infrastructure exposure, and operational security concerns.
Security reports are handled as infrastructure protection events and should be submitted with enough detail for safe validation.
Reporting Format
Include affected URL, vulnerability type, reproduction steps, screenshots, impact, timestamp, and safe contact details.
Disclosure Expectations
Please allow reasonable review and remediation time before public disclosure. Avoid accessing unnecessary data.
Infrastructure Protection
Orix Marketing uses layered controls such as verification, monitoring, secure configuration, access control, and operational review.
Response Workflow
Reports are triaged, validated, prioritized, remediated, verified, and documented based on risk and system exposure.
Security Email
Report security issues to security@orixmarketing.lk for responsible review and routing.
FAQ
Common governance questions.
Where should security issues be reported?
Security issues should be reported to security@orixmarketing.lk with affected URLs, reproduction steps, impact assessment, and contact information.
What should researchers avoid?
Researchers should avoid data exfiltration, destructive testing, privacy violations, social engineering, spam, or actions that disrupt availability.
Enterprise CTA
Report a security issue
Send a responsible disclosure report with enough technical detail for safe validation.