Vulnerability Disclosure
Report a security issue.
We take every security report seriously. If you believe you've found a vulnerability in Roster, please disclose it responsibly so we can investigate and resolve it quickly.
Send your report to
security@rostergiving.com
We commit to acknowledging your report within 48 hours and providing an initial assessment within 5 business days.
What to include
- Description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Affected URLs, endpoints, or components
- Any supporting evidence (screenshots, logs, proof of concept)
- Your contact information for follow-up
Responsible Disclosure
Disclosure guidelines.
Notify us privately
Contact us directly at security@rostergiving.com before making any vulnerability details public. This gives us time to protect our customers.
Allow investigation time
Give us a reasonable window to investigate and remediate the reported issue before disclosing it to third parties or the public.
Protect customer data
Do not access, modify, or delete any customer data during your research. Use test accounts and minimal proof-of-concept demonstrations.
Provide reproduction details
Include enough technical detail for us to reproduce and verify the vulnerability — steps, tools used, affected endpoints, and expected vs. actual behavior.
Ready for IT review?
Most hospital IT reviews complete in 1-2 weeks. We provide everything your team needs.
Schedule Demo