Vareto maintains a Responsible Disclosure Policy (RDP) scoped to particular assets as identified below. You can contact us for more information or to report vulnerabilities

Policy Scope

Vareto’s Responsible Disclosure Policy covers the following products:

The scope of this policy may expand in the future as we add additional product capabilities and gain experience with this process.


Vareto will not engage in legal action against individuals who submit vulnerability reports to in accordance with this policy. We openly accept reports for the Vareto products identified above. We agree not to pursue legal action against individuals who:

Submitting a vulnerability

Submit vulnerability reports to Vareto’s Product Security Team via

Report Prioritization and Acceptance Criteria

Preference will be given to reports that meet the following criteria:

What you can expect from Vareto:

Vareto reserves the right to use a neutral third party to assist in determining how best to handle the vulnerability.