Reporting and intake
- Security reports should be sent to security@verbalcheck.com.
- Reports should include reproduction steps, affected systems, impact, and suggested remediation where available.
- VerbalCheck targets an initial response within 48 hours for vulnerability reports.
Response lifecycle
- Triage severity, affected users, affected data, and exploitability.
- Contain active risk by disabling access, rotating credentials, patching code, or changing configuration as needed.
- Remediate the root cause and validate the fix before promotion.
- Document timeline, impact, remediation, and follow-up actions.
Notification
Customer and regulatory notifications depend on the nature of the incident, applicable law, contractual terms, data affected, and institutional role. VerbalCheck should coordinate with affected institutions before issuing customer-specific statements where practical and lawful.