Security Disclosure
Responsible disclosure with clear expectations.
If you find a potential vulnerability, report it privately. cyang.io treats good-faith security reports seriously and coordinates remediation with direct communication.
- Primary route
- support@cyang.io
- Acknowledgment target
- Within 2 business days
How to report
Share the affected route or workflow, steps to reproduce, expected behavior, actual behavior, and potential impact.
Priority scope
Auth and tenancy issues, encryption or serve-path failures, scan bypasses, and token abuse vectors are especially important.
Testing expectations
Do not access data you do not own, avoid destructive testing, and keep details private while remediation is active.