Last Updated: July 15, 2024
At Cylitic Security, we prioritize the security of our systems and data. We value the contributions of the security research community in identifying vulnerabilities. This policy outlines our commitment to responsible disclosure and the process for reporting potential security issues.
This policy applies to: • All web applications, services, and products developed or managed by Cylitic Security. • Any vulnerabilities identified in third-party components utilized within our systems.
If you have discovered a security vulnerability, we encourage you to report it to us responsibly. Please include the following details: • A detailed description of the vulnerability. • Steps to reproduce the vulnerability. • Potential impact of the vulnerability. • Any proof-of-concept code, if available.
Vulnerabilities should be reported to our security team through one of the following channels: • Email: security@cylitic.com • Our Public Key can be found: Here
Upon receiving a vulnerability report, we commit to: • Acknowledging receipt of the report within 48 hours. • Providing an estimated timeline for addressing the vulnerability. • Keeping the reporter informed about the status of their report. • Offering recognition for the discovery of the vulnerability, if desired and permitted by the reporter.
To protect our users and services, we request that researchers: • Give us a reasonable time to investigate and mitigate the reported vulnerability before making any information public. • Avoid violating privacy, destroying data, or interrupting our services. • Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of our services.
We will not initiate legal action against researchers who: • Follow this responsible disclosure policy in good faith. • Avoid violating any applicable laws or regulations.
We believe in recognizing the efforts of security researchers. Researchers who report valid security vulnerabilities may receive: • Public acknowledgment on our website or other platforms. • Unfortunately, at this time, we cannot offer monetary rewards for any findings.
For more information, or if You have questions or concerns regarding Cylitic Security’s Responsible Disclosure Policy, You may email us at security@cylitic.com