Last Updated: 2025-12-16

Overview

At Verus Investments, we take the security of our systems and data seriously. We value the contributions of security researchers and welcome reports of potential vulnerabilities in our Chinook application.

Scope

This policy applies to vulnerabilities in:

  • The Chinook portfolio tracking application
  • Associated APIs and services
  • Authentication and authorization systems

The following are out of scope:

  • Social engineering attacks
  • Physical security issues
  • Denial of service attacks
  • Third-party services and applications

How to Report

If you believe you have found a security vulnerability, please report it to us by emailing:

jwilson@verusinvestments.com

Please include the following in your report:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code (if applicable)
  • Your contact information for follow-up

What to Expect

After submitting a report:

  • Acknowledgment: We will acknowledge receipt within 3 business days
  • Assessment: We will investigate and validate the report
  • Updates: We will keep you informed of our progress
  • Resolution: We will notify you when the issue is resolved

Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized and lawful
  • Exempt from CFAA restrictions to the extent permitted by law
  • Conducted in good faith

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith, following this policy. We ask that you:

  • Do not access or modify data belonging to others
  • Do not disrupt or degrade our services
  • Do not publicly disclose vulnerabilities before we have addressed them
  • Act in good faith to avoid privacy violations

Contact

For security concerns, please contact:
Joe Wilson
jwilson@verusinvestments.com

Go to Home
Do NOT follow this link or you will be banned from the site!