BUG REPORTING & SECURITY
We are committed to the security of our users and the integrity of the Pico Audit platform. If you discover a vulnerability or issue, we want to hear from you.
01. Select Issue Type
Functional Bugs
UI glitches, installation errors, crashes, or unexpected behavior in the Pico Audit dashboard or service.
Report Via This Form
Security Vulnerabilities
Privilege escalation, bypasses, or data leaks. Please encrypt sensitive details using our PGP key.
Report Vulnerability
02. Responsible Disclosure Policy
To encourage responsible security research, we promise not to pursue legal action against researchers who follow these rules:
- Testing Rules: Only test against your own local instances of Pico Audit. Do not attempt to access our build servers or other users’ data.
- Time to Fix: Provide us with at least 90 days to resolve the issue before disclosing it to the public or third parties.
- Data Privacy: Do not view, alter, save, or transfer data that does not belong to you. If you encounter sensitive data, stop immediately.
- No Disruption: Do not perform DoS/DDoS attacks against our infrastructure or otherwise degrade its service.
03. Severity Definitions
| Severity | Description | Response Target |
|---|---|---|
| Critical | Privilege escalation to Root/System, Remote Code Execution (RCE), or bypass of audit logging mechanisms. | < 24 Hours |
| High | Denial of Service (local), access to restricted settings without authorization, or license bypass. | < 3 Days |
| Medium | False negatives in the “Watcher” service (missed events) or incorrect parsing of non-critical logs. | < 7 Days |
| Low | UI typos, visual glitches, or minor installation warnings. | Next Release |
