← lazaretto.dev

Security & responsible disclosure

Lazaretto is a security product, and we hold ourselves to the same standard we ask of the artifacts we inspect. If you have found a vulnerability in our service, or believe we returned a wrong result, we want to hear from you.

How to report

Email security@lazaretto.dev. Please include enough detail to reproduce: affected endpoint or URL, steps, and any request/response evidence. For sensitive findings, ask us for an encrypted channel before sending details.

Our commitments to good-faith researchers

Please do

Reporting a wrong verdict

Lazaretto is a signals provider. If we returned malicious or flagged on an artifact you publish and you believe it is wrong, use disputes@lazaretto.dev. A missed detection (a false negative) is equally welcome at the security address above — both make the product better.