Skip to main content
InfraNet HR

Security & Operations

Responsible Disclosure Policy

Effective Date: May 30, 2026

InfraNet HR values the security of our platform, customers, and users. We welcome responsible disclosure of security vulnerabilities and appreciate the efforts of security researchers who help improve the safety and reliability of our services. If you believe you have discovered a security vulnerability, we encourage you to report it in accordance with this Policy.

Reporting a Vulnerability

Please submit vulnerability reports to: security@infranet-hr.com

To help us investigate efficiently, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Affected pages, systems, or functionality
  • Screenshots, logs, or proof-of-concept information when available
  • Contact information for follow-up questions

We appreciate detailed reports that help us understand and verify the issue.

Good Faith Security Research

InfraNet considers security research to be conducted in good faith when researchers:

  • Avoid privacy violations
  • Avoid destruction or modification of data
  • Avoid service disruption
  • Avoid unauthorized access to customer information
  • Report vulnerabilities promptly after discovery
  • Provide reasonable time for remediation before public disclosure

We ask researchers to act responsibly and avoid actions that may negatively impact customers, users, or platform availability.

Activities Not Permitted

The following activities are not authorized under this Policy:

  • Accessing customer accounts or customer data
  • Downloading, modifying, or deleting information that does not belong to you
  • Physical security testing
  • Denial-of-service attacks
  • Social engineering attacks
  • Spam or phishing activity
  • Malware deployment
  • Any activity that could disrupt service availability

Researchers should immediately stop testing and notify InfraNet if customer data is encountered.

Our Commitment to Researchers

When vulnerability reports are submitted in good faith, InfraNet will:

  • Acknowledge receipt of the report
  • Review and investigate the issue
  • Work to validate legitimate findings
  • Take appropriate corrective action when necessary
  • Maintain communication regarding the status of the report when appropriate

While response times may vary depending on severity and complexity, we strive to review reports as promptly as possible.

Public Disclosure

We ask researchers not to publicly disclose vulnerabilities until:

  • InfraNet has had a reasonable opportunity to investigate and remediate the issue
  • Customers and users are adequately protected

Coordinated disclosure helps protect the security of the platform and its users.

Scope

This Policy applies to:

  • infranet-hr.com
  • Publicly accessible InfraNet services
  • Publicly available InfraNet applications and interfaces

Third-party services, vendors, and external systems are governed by their respective owners and policies.

No Bug Bounty Program

At this time, InfraNet does not operate a formal bug bounty program. Submission of a vulnerability report does not create any expectation of financial compensation. InfraNet reserves the right to determine whether rewards, acknowledgments, or recognition will be provided.

Contact

Questions regarding this Responsible Disclosure Policy may be directed to:

InfraNet HR
Email: security@infranet-hr.com
Springfield, Missouri, United States

Last Updated: May 30, 2026