Responsible Disclosure

Send vulnerability reports to leng.jixiang@ninenames.com with a concise description, affected asset, reproduction notes, and contact information.

Do not perform destructive testing, access non-public data, disrupt service, exfiltrate secrets, or include patient files in a disclosure.

Nine Names separates vulnerability handling from claim review, privacy requests, and public correspondence.

Reports are reviewed for scope, safety, and reproducibility before any public acknowledgment or remediation summary.