Vulnerability policy

Effective date: March 25, 2025

1. Responsible Disclosure

Scenexus has formalised this disclosure for accepting vulnerability reports in the products and services provided by Scenexus. This disclosure covers the following products:

  • The Scenexus Urban Strategy platform
  • The Scenexus website

1.1 Legal posture

Scenexus will not engage in legal action against individuals who submit vulnerability reports and openly accepts reports without pursueing legal action against individuals who:

  • Engage in testing of systems/research without harming Scenexus or our customers.
  • Engage in vulnerability testing within the scope of this vulnerability disclosure.
  • Test on products without affecting customers, or receive permission/concent from customers before engaging in vulnerability testing aginast theri devices/software and so on.
  • Adhere to the laws of their location and the location of Scenexus. For example, violating laws that would only result in a claim by Scenexus (and not a criminal claim) may be acceptable as Scenexus is authorizing the activity (reverse engineering or circumventing protective measures) to improve its system.
  • Refrain from disclosing vulnerability details to the pblic before a mutually agreed-upon time frame expires.

1.2 Terms and condistions

By submitting information in the scope and context of this discosure (“the Report”) to Scenexus:

  • You agree that you are acting in good faith and commit to adhering to the guidelines laid out in this disclosure.
  • You agree that Scenexus may use the Report to update and/or improve its software; and you grant to Scenexus a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license, with the right to sublicense to Scenexus licensees and customers, under all relevant intellectual property rights, to use, publish, and disclose the Report in any manner Scenexus chooses and to display, perform, copy, make, have made, use, sell, and otherwise dispose of Scenexus and its sub licensee’s products or services embodying Report in any manner and via any media Scenexus chooses, without reference to the source. Scenexus shall be entitled to use the Report for any purpose without restriction or remuneration of any kind with respect to you and/or your representatives.

2. How to Submit a Vulnerability

To submit a vulnerability report to Scenexus, please send an e-mail to security@scenexus.com. Scenexus uses the following criteria to prioritize and triage submissions.

2.1 What we would like to see from you

  • Well-­written reports in English.
  • Reports that include proof-­of-­concept code.
  • Reports that include more than only crash dumps or other automated tool output.
  • Reports that include how you found the bug, the impact, and any potential remediation.

2.1 What you can expect from us

  • A timely response to your email.
  • After triage, Scenexus will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
  • An open dialog to discuss issues.
  • Notification when the vulnerability has been validated and fixed.

Scenexus B.V.

Bezuidenhoutseweg 105
2594 AC The Hague
The Netherlands
Call: (+31) 6 536 385 44

Scenexus Inc.

1700 Lincoln Street 17th Floor
Denver, CO 80203
Unites States of America
Call: (+1) 619 608 5926

About this website

Privacy policy

Vulnerability policy

Disclaimer

Copyright scenexus B.V. ©2025