Disclaimer

⚠️ Important Disclaimer: VulnX provides professional security review services but takes no responsibility for security outcomes or compliance requirements. Please read this disclaimer carefully.

1. No Guarantee of 100% Security

Critical Understanding: VulnX security reviews identify vulnerabilities and security risks, but they do not guarantee that your website is completely secure.

Even after receiving a clean report:

• New vulnerabilities may be discovered
• Security threats evolve constantly
• Zero-day exploits may exist that we don't test for
• Your website can still be breached if proper security practices are not followed
• Third-party services or dependencies may have vulnerabilities

⚠️ Security is an ongoing process, not a one-time event. VulnX reviews provide a snapshot of your security posture at a specific point in time.

2. Scope & Testing Limitations

VulnX reviews are limited by:

Access Limitations

• We can only test what is publicly accessible
• Protected areas (admin panels, user sections) are limited by access permissions you provide
• Internal networks or systems not exposed to the internet are outside our scope
• Some vulnerabilities may only be discoverable with authentication or special access

Testing Type Limitations

• We perform vulnerability assessments, not full penetration tests (unless Priority tier)
• We test for known attack vectors and common issues, not novel exploits
• We do not test Denial-of-Service (DoS) attacks or load testing
• Code review is limited to accessible and applicable code (Priority tier only)
• Physical security, data center security, or network infrastructure outside the website is not tested

Time & Resource Limitations

• Reviews are completed within the timeframe specified for your plan
• Thorough security work requires time; faster reviews may miss some issues
• Complex or large applications may require more extensive review (available in Priority tier)
• We test what we can access within the agreed time and scope

3. Environmental & Temporal Factors

VulnX does not guarantee findings will remain accurate because:

• Configurations Change: If you update servers, frameworks, or libraries after the review, new issues may emerge
• Security Patches: Some findings may be patched, but new vulnerabilities in patches may exist
• Environment Differences: Staging and production environments may have different configurations
• Third-Party Changes: Updates to plugins, themes, or dependencies can introduce new vulnerabilities
• Time Decay: Reviews are valid at the time of testing but may not reflect current state

4. False Positives & False Negatives

Like all security testing:

False Positives (Reported Issues That Aren't Actually Vulnerabilities)

• Automated tools may flag behaviors that are not actual security issues
• Context-specific implementations may appear risky but are secure
• Our manual review reduces false positives, but they can still occur

False Negatives (Real Vulnerabilities We Don't Discover)

• No security review finds all vulnerabilities
• Complex logic errors, business logic flaws, or uncommon attack vectors may be missed
• Time and scope constraints may mean some vulnerabilities aren't discovered

5. Not Legal Advice or Compliance Certification

VulnX is not a legal firm and does not provide legal, compliance, or regulatory advice.

• VulnX reviews do not constitute compliance with GDPR, HIPAA, PCI-DSS, or other regulations
• Compliance requires far more than security testing (policies, procedures, audit trails, etc.)
• We may identify compliance-related findings, but passing a VulnX review does not mean you are compliant
• You must consult with legal counsel and compliance experts for regulatory requirements
• VulnX does not issue compliance certifications or audits

6. Your Responsibility for Security Implementation

VulnX provides findings and recommendations, but you are responsible for:

• Understanding findings and their security implications
• Implementing remediation recommendations appropriately
• Testing fixes in your own environment before deploying
• Maintaining ongoing security practices and updates
• Monitoring your website for intrusions or unauthorized activity
• Keeping software, frameworks, and dependencies updated
• Implementing additional security measures beyond VulnX recommendations

⚠️ VulnX is not responsible if your website is breached after receiving a report. Security is your responsibility.

7. Security After Review Completion

Even after you implement all VulnX recommendations:

• New vulnerabilities can emerge from third-party updates
• Previously unknown vulnerabilities (zero-days) may be discovered publicly
• Attackers may discover new attack vectors not tested by VulnX
• Your configuration may drift over time, reintroducing issues
• Social engineering or insider threats are outside the scope of technical reviews

Best Practice: Schedule regular security reviews every 6-12 months to stay ahead of evolving threats.

8. Third-Party Services & Dependencies

VulnX is not responsible for:

• Vulnerabilities in third-party plugins, templates, or libraries
• Security issues in integrated payment systems or services
• Compromises of third-party APIs or services your website depends on
• Vulnerabilities in your hosting provider's infrastructure
• Data breaches at third-party services you integrate with

9. Professional Judgment in Findings

Some findings involve judgment calls:

• Severity ratings are professional opinions based on industry standards
• Risk assessment may differ based on your specific context
• Whether a finding is critical depends on your business and data sensitivity
• We make reasonable professional judgments, but you may disagree with severity or risk assessment

10. Warranty Disclaimer

VulnX services are provided "AS IS" without warranties:

• We do not warrant that reports are error-free or complete
• We do not warrant that findings are applicable to your specific environment
• We do not warrant that your website will be secure after implementing recommendations
• We do not warrant that the platform will be uninterrupted or always available

11. Limitation of Liability

VulnX is not liable for:

• Any data breach, security incident, or compromise of your website
• Loss of revenue, business interruption, or lost profits due to security issues
• Indirect, incidental, special, or consequential damages from security findings
• Regulatory fines or compliance violations
• Third-party claims related to your website's security

Questions About This Disclaimer?

If you have questions about our scope, limitations, or disclaimer, please contact us: