Security Research
Responsible Disclosure
If you've found a security issue in our public-facing systems, we want to hear about it.
In scope
- Our public website and its infrastructure
- Publicly reachable systems explicitly owned by Cyberpert
Out of scope and not permitted
- Any disruption of service (no denial-of-service testing)
- Accessing, downloading, or exfiltrating data that isn't yours
- Social engineering of our staff, clients, or partners
- Physical access attempts against our facilities or third parties
- Testing third-party systems we don't own, even if linked from our site
How to report
Email a clear description, steps to reproduce, and impact assessment to our security contact.
We will not pursue legal action against good-faith researchers who follow this policy.
