TrustEdge Labs

Responsible disclosure

Report a vulnerability.

If you've found a security issue in any TrustEdge Labs property — this site, Worklora, the CK CAD Toolkit, or one of our open-source repositories — we want to hear from you. We commit to taking your report seriously, responding quickly, and giving credit when credit is due.

How to report

Email security@trustedgelabs.dev with:

  • · A clear description of the issue and its impact.
  • · Reproduction steps. A short PoC video or curl is ideal.
  • · Your handle for credit (or "anonymous" if you prefer).
  • · A way to reach you for clarifying questions.

Our commitment

  • · Acknowledgment within 2 business days.
  • · Initial triage and severity within 5 business days.
  • · No legal action against good-faith research conducted under this policy.
  • · Credit on the acknowledgments page (with permission).
  • · A clear timeline to fix and a coordinated disclosure window.

Out of scope

  • · DoS / volumetric attacks against our infrastructure.
  • · Reports requiring physical access to a victim's device.
  • · Social engineering of TrustEdge Labs staff or customers.
  • · Reports about missing security headers without demonstrated impact.
  • · Issues in third-party services we don't control.

Safe harbor

We consider security research conducted under this policy to be authorized. We will not pursue civil action or initiate a complaint to law enforcement for accidental, good-faith violations of this policy. If your research involves the data of another user, please stop testing and report immediately.

Last updated: 2026-05-04 · security.txt