Security Disclosure
Public vulnerability reporting instructions for Eagle Virtual properties and services.
Last Updated: March 15, 2026
Report security issues to security@eaglevirtual.com. For a machine-readable version of this policy, see /.well-known/security.txt or /security.txt.
1. Reporting a Vulnerability
If you believe you have found a security vulnerability affecting Eagle Virtual, please email security@eaglevirtual.com with enough detail for us to reproduce and validate the issue.
Recommended report contents
- A short summary of the issue and the affected URL, endpoint, or product area
- Clear reproduction steps, including sample requests if relevant
- Your assessment of the impact and the conditions required to exploit it
- Any screenshots, logs, or proof-of-concept material needed to verify the finding
- Your preferred contact details for follow-up questions
2. Response Targets
We aim to review good-faith reports promptly and keep reporters informed during triage and remediation.
3. Good-Faith Research
We support responsible security research intended to improve the safety of our service. Testing that is limited to what is necessary to confirm a vulnerability and that avoids harm, privacy violations, or service disruption is considered authorized under this policy.
Please do
- Stop testing once you have confirmed the issue
- Report the issue promptly and keep details confidential while we remediate
- Use only accounts, wallets, and data you own or are explicitly authorized to test
Please do not
- Access, alter, retain, or exfiltrate data belonging to other users
- Perform denial-of-service, spam, social engineering, phishing, or physical attacks
- Attempt persistence, privilege escalation, or lateral movement beyond what is required to demonstrate the issue
4. Scope
This disclosure channel applies to public Eagle Virtual web properties, APIs, and services we operate directly, including the primary domain eaglevirtual.com and public application routes beneath it.
Third-party services, infrastructure not operated by Eagle Virtual, and customer-controlled environments are out of scope unless we explicitly confirm otherwise during triage.
5. Coordinated Disclosure
Please give us a reasonable opportunity to investigate and remediate a verified issue before any public disclosure. If you would like public acknowledgment after remediation, include that request in your report and we will do our best to accommodate it.
Eagle Virtual does not currently advertise a public bug bounty. Valid reports are still appreciated and reviewed.