Security
Vulnerability Disclosure Policy
We believe in transparent, responsible security research collaboration. If you discover a vulnerability in AntiMatter AV products, we want to hear from you.
Scope
This policy covers vulnerabilities in:
- AntiMatter AV Windows application (Tauri)
- AntiMatter AV Android application (APK)
- AntiMatter AV backend API (antimatterav.netwall.in)
- AntiMatter AV admin/CRM portals
- AntiMatter AV antivirus definitions infrastructure
How to Report
What to Include
1. Description of the vulnerability
2. Steps to reproduce
3. Potential impact and severity assessment
4. Affected product and version
5. Proof of concept (if applicable)
6. Your contact information
Reporting Channels
Security Email
[TO BE UPDATED]
PGP Key
Available upon request for encrypted reports
Response Time
Acknowledgment within 24 hours
Our Commitment
Response Timeline
- 24 hours: Acknowledge receipt of report
- 48 hours: Initial assessment and severity rating
- 7–14 days: Patch development and testing
- 30 days: Public disclosure (coordinated)
CRA Compliance (ENISA Reporting)
- Actively exploited vulnerabilities reported to ENISA within 24 hours
- Full report including impact analysis within 72 hours
- All affected users notified with mitigation steps
Safe Harbor
We will not pursue legal action against security researchers who:
- Act in good faith and comply with this policy
- Avoid accessing or modifying user data
- Do not exploit vulnerabilities beyond proof of concept
- Report findings promptly via authorized channels
- Allow reasonable time for remediation before disclosure
Bug Bounty Program
A formal bug bounty program is under development.
In the meantime, significant findings will be acknowledged with credit and gratitude. Contact us for details.