Security at Noru

If you believe you discovered a vulnerability, email security@noru.tech and include clear reproduction steps. We acknowledge reports within 24 hours, complete initial triage within 3 business days, and aim for coordinated disclosure within 90 days.

Official machine-readable policy: /.well-known/security.txt

Disclosure Policy

Rules of engagement, safe harbor, and coordinated disclosure expectations.

PGP Key

Current key status and how to send encrypted vulnerability reports.

Hall of Fame

Acknowledgement page for security researchers who report valid findings.

Security Advisories

Published security advisories and incident communication.