Responsible Disclosure Policy

Scope

This policy governs the reporting of security vulnerabilities affecting CtrlSec platforms and associated infrastructure.

Security researchers acting in good faith under this policy will not face legal action for compliant vulnerability research.

Submit vulnerabilities through official channels or via email at founders@ctrlsec.io. Include reproduction steps and impact analysis.

We aim to acknowledge reports within 72 hours and resolve valid vulnerabilities within reasonable timelines depending on severity.

This policy governs the reporting of security vulnerabilities affecting CtrlSec platforms and associated infrastructure.

Security researchers acting in good faith under this policy will not face legal action for compliant vulnerability research.

Submit vulnerabilities through official channels or via email at founders@ctrlsec.io. Include reproduction steps and impact analysis.

We aim to acknowledge reports within 72 hours and resolve valid vulnerabilities within reasonable timelines depending on severity.