Vulnerability Disclosure
We value the work of security researchers. If you believe you have found a vulnerability in our website or services, we want to hear from you.
[email protected] mailbox, before publishing.Last updated: [ date ]
1. Our commitment
Secured Wall practices what we advise our clients: we welcome good-faith security research and coordinated disclosure. We will work with you to understand, validate, and remediate any legitimate issue you report.
2. Scope
This policy covers www.securedwall.com and services operated by Secured Wall. If you are unsure whether a system is in scope, ask us first at the address below.
3. How to report
Email [email protected] (also published in our security.txt). Please include: a description of the issue, the affected URL or system, steps to reproduce, and any proof-of-concept detail. Encrypted reports are welcome — request our key at the same address.
4. What to expect
We aim to acknowledge your report within three business days, keep you informed as we validate and remediate, and — with your permission — credit you once the issue is resolved. We do not currently operate a paid bug-bounty program.
5. Rules of engagement
To keep research safe for everyone: do not disrupt services or degrade availability (no denial-of-service testing); do not use social engineering, phishing, or physical intrusion; access only the minimum data needed to demonstrate the issue, and do not view, modify, or retain data belonging to others; stop testing and report immediately if you encounter personal or sensitive data.
6. Safe harbor
We will not pursue legal action against research conducted in good faith and in line with this policy. We consider such research authorized, and we will say so if a third party raises a claim relating to it.
7. Active incidents
This channel is for vulnerability reports. If your organization is experiencing an active security incident, use our incident response contacts instead.