Reporting a Security Issue

Last updated 10 April 2025.

This document describes how to report security vulnerabilities affecting Oper products in a responsible and efficient way.

This process applies to:
‍
• Oper platform and services;
‍
• APIs and integrations;
‍
• Infrastructure or data handling issues.

Security issues should be reported by email to: security@opercredits.com

Please include the following information in your report:
‍
• Description of the issue;
‍
• Steps to reproduce the vulnerability;
‍
• Affected system(s) or endpoints;
‍
• Potential impact (what could happen if exploited);
‍
• Any supporting material (screenshots, logs, proof of concept).

• You will receive an acknowledgment of your report;
‍
• Oper will investigate and assess the issue;
‍
• If validated, the issue will be prioritized and remediated.

When reporting a vulnerability, please:

• Do not exploit the issue beyond what is necessary to demonstrate it;
‍
• Do not access, modify, or delete user data;
‍
• Do not disclose the issue publicly until it has been resolved.

Oper may contact you for: clarification or additional details and validation of a fix.

Oper will not take legal action against researchers who:

• Act in good faith;
‍
• Follow this process;
‍
• Do not intentionally harm Oper systems or users.