Security

Reporting a Vulnerability

If you discover a security vulnerability in any Void product or this website, we ask that you disclose it responsibly. Please report vulnerabilities to:

security@voidum.io

What to Include

• Description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Affected product and version (if applicable)
• Any proof-of-concept code or screenshots

Our Commitment

• We will acknowledge receipt of your report within 2 business days
• We will investigate and provide an initial assessment within 5 business days
• We will keep you informed of remediation progress
• We will credit researchers who report valid vulnerabilities (with your permission)

Responsible Disclosure Guidelines

• Allow reasonable time for remediation before public disclosure
• Do not access, modify, or delete data belonging to other users
• Do not degrade the availability of production services
• Do not use automated scanning tools against production systems without prior coordination

Product Security Practices

Void products are built with security as a core design principle:

• Written in Zig -- memory-safe by default with no undefined behavior in safe code paths
• TLS encryption for all inter-component communication
• JWT-based authentication with CSRF protection
• Role-based access control with audit logging
• No telemetry or data collection from customer environments
• Comprehensive test coverage across all components

Contact

For security inquiries: security@voidum.io

For general inquiries: sales@voidum.io