Security Policy

Email security reports to security@beambench.com. Include the affected product or endpoint, steps to reproduce, impact, and any logs or screenshots that help explain the issue.

• Issues that could expose diagnostic reports, attached project files, or admin-only data.
• Authentication, authorization, CSRF, XSS, request smuggling, or injection flaws on BeamBench services.
• Updater, installer, signature-validation, or release-channel problems.
• Desktop-app vulnerabilities that could run code, bypass safety checks, or corrupt user projects.

Please avoid destructive testing, denial-of-service testing, spam floods, social engineering, accessing other users' data, or testing against laser hardware in a way that could create a safety risk. If you need to prove impact, use the smallest non-destructive example that demonstrates the issue.

BeamBench is a small project, but security reports are prioritized. You should receive an acknowledgement when the mailbox is monitored and the report has enough detail to reproduce. There is no bug bounty program for v1.

Product bugs, connection failures, feature requests, and deletion requests should go to support@beambench.com or use the in-app bug-report flow.