Responsible Disclosure Policy

Last Updated: March 2025

BugZero Cyber Solutions values the security research community. We believe that working with skilled security researchers to identify and fix vulnerabilities helps make our systems and our clients safer. If you have discovered a security vulnerability in our systems, we encourage you to report it responsibly.

Safe Harbor

If you conduct security research in good faith, follow this policy, and report vulnerabilities responsibly, BugZero Cyber Solutions will not pursue legal action against you. We consider your research authorized and will work with you to understand and resolve the issue quickly.

Disclosure Process

  1. Discover: Find a potential security vulnerability in BugZero systems within the defined scope.
  2. Document: Document the vulnerability with steps to reproduce, potential impact, and any supporting evidence (screenshots, PoC).
  3. Report: Submit your report to security@bugzero.solutions with the subject line "Responsible Disclosure: [Brief Description]".
  4. Acknowledge: We'll acknowledge receipt within 24 hours and provide a tracking reference number.
  5. Triage: Our security team will investigate and validate your finding within 7 business days.
  6. Resolution: We'll work to remediate validated vulnerabilities and notify you when fixed. Recognition provided upon request.

In Scope

  • bugzero.solutions — main website and all subdomains
  • bugzero.ai — company brand domain
  • All BugZero-owned web applications and APIs
  • BugZero client portal and dashboard systems

Out of Scope

  • Denial of Service (DoS/DDoS) attacks
  • Social engineering attacks against BugZero staff
  • Physical security attacks
  • Vulnerabilities in third-party services we use
  • Automated scanning without prior permission
  • Vulnerabilities requiring unlikely user interaction

Researcher Guidelines

To qualify for safe harbor protection and potential recognition, please follow these guidelines:

  • Do not access, modify, or delete data that does not belong to you
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
  • Do not perform testing that could impact service availability
  • Do not share vulnerability details publicly until we have confirmed the fix
  • Provide detailed reproduction steps to help us verify and fix quickly
  • Give us reasonable time (90 days) to address the issue before public disclosure

Recognition & Rewards

While this is a non-monetary vulnerability disclosure program (VDP), we recognize the valuable contribution of security researchers:

  • Public acknowledgment in our Security Hall of Fame (with your consent)
  • LinkedIn recommendation from BugZero leadership
  • Certificate of appreciation for responsible disclosure
  • Potential future collaboration opportunities

Found a Vulnerability?

Report it responsibly and help us make BugZero and the internet safer.

Report to security@bugzero.solutions

We acknowledge all reports within 24 hours