Vulnerability Disclosure Policy | Flowtriq

Vulnerability Disclosure Policy

Responsible Disclosure · Last updated April 28, 2026

Flowtriq welcomes reports from security researchers and the broader community. If you discover a vulnerability in our systems, we want to know — and we commit to working with you to address it responsibly.

Report a Vulnerability

Send your findings to our security team. Include as much detail as possible: steps to reproduce, impact assessment, and any proof-of-concept (without destructive actions).

Email: [email protected]

Scope

The following systems are in scope for vulnerability reports:

Target | In Scope
flowtriq.com and all subdomains | Web application, API endpoints, authentication flows, dashboard features
ftagent (open-source monitoring agent) | Agent binary, configuration handling, data transmission, authentication
Flowtriq API | REST API including agent ingestion and dashboard API endpoints

Out of scope:

  • Social engineering or phishing attacks targeting Flowtriq staff or customers.
  • Physical security attacks against our infrastructure.
  • Denial of service (DoS/DDoS) attacks against Flowtriq systems.
  • Vulnerabilities in third-party services we use (Stripe, Cloudflare, SendGrid, etc.) — report these to the respective vendor.
  • Issues that require physical access to a user's device.
  • Theoretical vulnerabilities without a working proof of concept.
  • Automated scanner output without manual confirmation of exploitability.
  • Rate limiting or brute-force issues that do not lead to account compromise.

Disclosure Process

  1. Submit your report (Day 0)

     Email [email protected] with a clear description of the vulnerability, steps to reproduce, and your assessed impact.

  2. Acknowledgement (Within 5 business days)

     We will confirm receipt of your report and provide an initial assessment of severity and scope.

  3. Triage & remediation (Ongoing)

     Our team investigates, confirms the issue, and develops a fix. We will keep you updated on progress. Critical vulnerabilities are prioritised for immediate remediation.

  4. Verification (After fix deployed)

     We will ask you to confirm that the issue has been resolved to your satisfaction before we consider the report closed.

  5. Coordinated disclosure (90-day window)

     We ask researchers to refrain from public disclosure for 90 days after the initial report to allow time for remediation. If you plan to publish your findings, please coordinate with us in advance. We will credit you in any public disclosure unless you prefer to remain anonymous.

Safe Harbor

Flowtriq will not pursue legal action against researchers who:

  • Act in good faith and in accordance with this policy.
  • Do not access, modify, or delete data beyond what is necessary to demonstrate the vulnerability.
  • Do not perform actions that could disrupt service for other customers (no DoS, no mass data access).
  • Do not exploit the vulnerability beyond the minimum required to confirm it exists.
  • Report the vulnerability to us before disclosing it publicly or to any third party.

This is not a bug bounty program. Flowtriq does not currently offer monetary rewards for vulnerability reports. We do offer public credit (with your permission), a thank-you from the team, and in some cases, Flowtriq merchandise for high-impact findings.

What We Ask of Researchers

  • Do not access, modify, or delete other users' data. Create your own test account for testing.
  • Do not perform automated scanning that creates significant load on our systems.
  • Do not use social engineering against our staff or customers.
  • Do not publicly disclose until we have confirmed the issue is resolved, or the 90-day window has elapsed and we have been unable to resolve it.
  • Provide enough detail for our team to reproduce and understand the issue.

Penetration Testing Partnership

In addition to community disclosure, Flowtriq conducts annual penetration testing of its platform in partnership with Lorikeet Security. Testing covers web application, API, authentication, and agent communication channels. Enterprise customers may request pen test report summaries under NDA — contact [email protected].