Security Policy.
Effective date: June 13, 2026. This policy outlines our vulnerability reporting process, responsible disclosure terms, and active platform safety controls.
1. Responsible Disclosure Contact
OmeraCode takes B2B design security seriously. If you discover a vulnerability or potential leakage vector in our portal or platform, please contact our security team directly at security@omeracode.com.
2. Coordinated Vulnerability Disclosure Rules
We aim to acknowledge valid reports within 5 business days and coordinate a remediation timeline based on severity and operational risk. In order to protect proprietary customer hardware assets, we ask that you do not publish details of any vulnerability before a mitigation is completed or before an agreed-upon disclosure date.
3. Prohibited Testing Techniques
We explicitly prohibit testing techniques that compromise operational integrity or violate privacy laws:
- Social engineering, phishing, or physical security attacks against OmeraCode employees or partners.
- Distributed Denial of Service (DDoS) or brute-force rate-limiting bypass tests.
- Accessing or attempting to modify hardware data belonging to other workspaces.
4. Platform Safety Architecture
Every workspace deployment runs inside sandboxed isolation barriers. Our telemetry is designed to scrub and strip all PII and sensitive EDA parameters. Private enterprise runtimes operate locally and are air-gapped by design, ensuring zero telemetry leaves your private network.