Templates & Resources
Transparency is a core value at Actyra. We publish the templates and processes we use so that vendors, researchers, and the public can understand exactly how we operate. These templates are free to use and adapt.
Disclosure Templates
These are the actual templates we use when notifying vendors and publishing security advisories. They are published here for full transparency.
Vendor Notification Letter
The template we use for initial vendor notification when a security vulnerability is discovered. Includes: vulnerability summary table, technical details section, disclosure timeline, and our commitments to the vendor.
- Format: Markdown
- Sections: Summary, Technical Details, Remediation, Timeline, Contact
- Includes: Usage notes and contact escalation guidance
Security Advisory
The template we use for publishing security advisories after the disclosure window has elapsed. Follows industry conventions (CERT/CC, Google Project Zero). Includes: CVE/CWE fields, CVSS scoring, timeline, vendor response section.
- Format: Markdown
- Numbering: ACTYRA-[YEAR]-[NUMBER]
- Includes: Publication checklist
Our Processes
For a complete description of how we conduct analysis and handle findings, see:
- Methodology — How we analyze software (tools, process, evidence standards)
- Responsible Disclosure Policy — How we handle security vulnerabilities (90-day timeline, safe harbor)
- Legal Disclosures — Legal basis for our research (fair use, DMCA, case law)
Advisory Numbering
Published security advisories follow the format:
ACTYRA-[YEAR]-[SEQUENTIAL_NUMBER]
Examples:
ACTYRA-2026-001
ACTYRA-2026-002
Internal finding IDs (e.g., ccl-hw-001, avs-ga-001) are used during research and cross-referenced in published advisories alongside the ACTYRA advisory number and any assigned CVE ID.
License
These templates are provided for informational and educational purposes. You are free to use, modify, and adapt them for your own responsible disclosure program. Attribution to Actyra is appreciated but not required.