Legal & Transparency

These Terms govern your access to Tiresis, including the website, dashboard, data feeds, and any publications made available through this platform.

By accessing or using the Service, you confirm that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must discontinue use immediately.

We reserve the right to modify these Terms at any time. Changes will be posted on this page with an updated date. Continued use after changes constitutes acceptance.

The Service is provided free of charge for informational and research purposes. You may:

Access and browse the dashboard for personal, educational, journalistic, or internal business research.

Reference and cite our data in reports, articles, or presentations, with clear attribution to Tiresis and a link to the original source where applicable.

Share links to specific CVEs, forecasts, or pages with colleagues, clients, or the public.

Commercial resale. You may not sell, license, or redistribute data or derivative datasets without prior written consent.

Systematic scraping. Automated bulk downloading beyond the official API is prohibited without a valid API key.

Misrepresentation. You may not present our data or scoring methodology as your own original research or remove attribution.

Harmful use. You may not use the Service to facilitate harassment or harm against any organization or individual.

The underlying vulnerability data is derived from public sources (NVD, CISA, EPSS). We do not claim ownership of this factual information.

Our proprietary elements — SMB Attack Probability Score™ methodology, database structure, classification taxonomy, visual design, written analysis, forecast engine, and software — are the intellectual property of Tiresis and protected by applicable copyright law.

Tiresis aggregates and enriches vulnerability data using automated pipelines sourcing from NVD, CISA KEV, EPSS, GitHub Advisory, OSV.dev, and other public feeds. Known limitations include potential scoring delays, incomplete enrichment on newly published CVEs, and reliance on third-party source accuracy.

The Service is provided "as is" without warranties of any kind, express or implied. See our Methodology — Limitations for full detail.

Nothing published on Tiresis constitutes legal, regulatory, financial, or cybersecurity advice. The information is for general awareness and planning purposes only.

Do not rely on this Service as a substitute for professional security assessment, legal counsel regarding breach obligations, or incident response guidance.

To the fullest extent permitted by applicable law, Tiresis and its operators shall not be liable for any direct, indirect, incidental, or consequential damages arising from your use of or reliance on the Service or the data it contains.

Each CVE record includes links to original public sources including NVD, vendor advisories, and exploit databases. Tiresis does not endorse or take responsibility for third-party content. External links may become unavailable or change after indexing.

If a linked source contains inaccurate information, contact the source directly. If the error is in our scoring or classification, use the correction form below.

If you believe a CVE record or risk score contains an error — in classification, scoring, vendor attribution, or any other field — we want to know.

What we will do. We review every request. If substantiated by verifiable evidence, we update the record and note the correction. We aim to respond within 5 business days.

What we will not do. We will not suppress a CVE solely because a vendor prefers it not be highlighted. If publicly disclosed by NVD or CISA, it is part of the public record.

Right to erasure (GDPR Art. 17). If your personal data has been incorrectly included, select "Personal data erasure request" in the form below. We will respond within the legally required timeframe.