# Vulnerability Disclosure Program

Burla welcomes good-faith security research and the responsible disclosure of vulnerabilities that may affect our systems, services, or users.

If you believe you have discovered a security vulnerability in Burla, please report it to:

**<security@burla.dev>**

Please include as much of the following as possible:

* a clear description of the issue
* steps to reproduce it
* the affected URL, endpoint, or service
* screenshots, logs, or proof of concept if helpful
* your contact information so we can follow up

### Our Commitment

If you submit a report in good faith and in line with this policy, Burla will:

* review the report promptly
* investigate legitimate issues
* work to remediate confirmed vulnerabilities in a reasonable timeframe
* communicate with you as appropriate during the review process

### Rules of Engagement

To keep research safe and responsible, please:

* act in good faith
* avoid privacy violations, destruction of data, and interruption of service
* only test against accounts and systems you own or are explicitly authorized to test
* stop testing and notify us immediately if you encounter customer data or other sensitive information
* give us a reasonable opportunity to investigate and address the issue before any public disclosure

Please do not:

* access, modify, or exfiltrate data that does not belong to you
* perform denial of service or stress testing
* use phishing, social engineering, spam, or physical attacks
* introduce malware, ransomware, or other malicious payloads
* exploit a vulnerability beyond what is reasonably necessary to confirm that it exists

### Scope

This policy applies to Burla-owned public-facing applications, services, and infrastructure unless otherwise stated.

Third-party services, providers, and applications not owned by Burla are out of scope.

### Safe Harbor

Burla will not pursue legal action against researchers for good-faith testing conducted in a manner consistent with this policy.

This safe harbor applies only to activities that:

* are intended solely to identify and report vulnerabilities
* avoid harm to Burla, its users, and third parties
* comply with all applicable laws and regulations

### No Bug Bounty

Burla does not currently offer a paid bug bounty program unless explicitly stated otherwise.

### Reporting

Please send vulnerability reports to:

**<security@burla.dev>**


