Vulnerability Disclosure & Beta Feedback

At Vector GFX, we value the input of our technical illustrator community. Whether you are using our canvasxdraw Windows/macOS or GEO applications or participating in our latest Beta builds, we encourage you to report any security concerns or product defects.

I. Scope of Program

  • In-Scope (Security Testing): All current stable releases and active Beta versions of canvasxdraw for Windows and macOS and canvasxdrawGEO.
  • Out-of-Scope: Any version marked “End of Life” (EOL) over 5 years ago, third-party plug-ins not authored by Vector GFX, and our marketing website. See our EOL policy in our knowledge center.
  • Beta Program: Participants in our Customer-Tested Beta Program are explicitly authorized to perform security research on pre-release builds, provided it does not disrupt the beta environment for other users.

II. How to Report

To ensure your report reaches the right team, please use the appropriate channel:

  • Security Vulnerabilities: Email support@vectorgfx.net (e.g., memory corruption, unauthorized data access, installer spoofing).
  • Product Defects / Bugs: Use the Beta Feedback Process or email support@vectorgfx.net (e.g., tool crashes, rendering artifacts, UI glitches).

Safe Harbor Commitment

At VectorGFX we value the security community and believe that responsible disclosure of security vulnerabilities is essential to keeping our users safe. If you believe you have found a security vulnerability in our desktop application, we encourage you to let us know right away.

If you make a good faith effort to comply with this policy during your security research, we will:

  • Consider your research to be authorized.
  • Not initiate or support legal action against you (including under the CFAA or DMCA).
  • Work with you to understand and resolve the issue quickly.

Note: If a third party initiates legal action against you and you have followed this policy, we will take steps to make it known that your actions were conducted with our permission.

To qualify for Safe Harbor, we ask that you:

  • Do no harm: Avoid privacy violations, destruction of data, or interruption of our services.
  • Report quickly: Notify us as soon as you discover a real or potential vulnerability.
  • Keep it confidential: Give us a reasonable amount of time (we suggest 90 days) to fix the issue before you share it with anyone else.
  • Stick to the Scope: Only test the systems listed below.
      • In-Scope: VectorGFX’s canvasxdraw Desktop Application (Windows/macOS) and our official website www.vectorgfx.net.
      • Out-of-Scope: Social engineering (phishing) our employees, physical security of our office, and third-party services we use (AWS, GitHub, others).

How to Report

Please send an email to support@vectorgfx.net. Please include:

  1. A description of the vulnerability.
  2. The steps needed to reproduce it (Proof of Concept).
  3. The potential impact (what could a “bad guy” do with this?).