Security
Responsible Disclosure
Security Practices and Vulnerability Reporting
AuditWalk is built around system integrity, evidence preservation, and explicit operator control. This page explains how we think about security for our own systems and software, how to report a potential vulnerability, and what we ask from researchers who investigate issues responsibly.
Principles
Observation before action
We favor reviewable, explicit workflows over silent mutation. Where products include action-oriented features, they remain deliberate, scoped, and operator approved.
Least necessary collection
We aim to avoid collecting more information than is needed to operate the product, support users, and maintain licensing, integrity, and service quality.
Clarity over overclaiming
We prefer specific, supportable statements over vague promises. This page describes real practices, not aspirational security theater.
Reporting
How to report a vulnerability
If you believe you have found a vulnerability in AuditWalk software, our website, or related systems, please report it privately with enough detail for reproduction and triage.
Send reports to: info@auditwalk.com
Subject line: [Security] — brief description
Include:
- affected product, page, endpoint, or component
- steps to reproduce
- expected behavior vs. actual behavior
- proof of concept, logs, screenshots, or traces where appropriate
- impact assessment
- your name or handle if you want attribution
What to expect
- We will review credible reports in good faith.
- We may request clarification or reproduction details.
- We prioritize issues based on severity, exploitability, and scope.
- We do not currently operate a bug bounty program.
- We do not promise fixed response windows.
Disclosure Policy
Responsible disclosure expectations
- Do not publicly disclose an issue before we have had a reasonable opportunity to investigate and respond.
- Do not exfiltrate customer data, secrets, credentials, or personal information.
- Do not degrade service availability, spam systems, or conduct destructive testing.
- Do not attempt social engineering, physical intrusion, or attacks against third-party infrastructure we do not control.
- Stop testing immediately if you encounter sensitive data or unintended access.
Good-faith research
We want to encourage good-faith reporting. If you act responsibly, avoid privacy violations and service disruption, and give us a reasonable opportunity to investigate, we will treat your research as intended to improve security rather than harm it.
This page is not legal advice and does not create a bounty program, blanket authorization, or waiver of rights beyond what applicable law requires.
Scope
Typically in scope
- AuditWalk-owned website properties and pages
- Officially distributed AuditWalk software and installers
- License and activation workflows we directly operate
- Product-specific issues that materially affect confidentiality, integrity, or availability
Typically out of scope
- Third-party services, processors, or infrastructure we do not control
- Issues with no realistic security impact
- Purely theoretical findings without reproduction detail
- Social engineering, phishing, or physical attacks
- Denial-of-service testing or destructive fuzzing against production systems
Product Notes
AuditWalk-specific security notes
- Observation and action are intentionally distinct in the product model. Scan, compare, and preflight are read-only by design. Repair requires explicit operator approval.
- By default, scan artifacts and all operational data remain on the user's system. AuditWalk does not automatically transmit filesystem contents or findings to remote servers.
- License validation may involve a lightweight network request carrying only license identifier and version information — no system state or scan data is included.
- Security-sensitive documentation uses canonical CLI grammar consistently to avoid operator confusion about what is and is not executed.
Contact
Security contact
For vulnerability disclosure, security concerns, or questions about this page:
Aden Media Group LLC
Security and general inquiries: info@auditwalk.com
License holder support: help@auditwalk.com