Home Capabilities Security Focus Areas Reports Events Team Insights R&D Contact Client Portal
Security Research

Responsible Disclosure

If you've found a security issue in our public-facing systems, we want to hear about it.

In scope

  • Our public website and its infrastructure
  • Publicly reachable systems explicitly owned by Cyberpert

Out of scope and not permitted

  • Any disruption of service (no denial-of-service testing)
  • Accessing, downloading, or exfiltrating data that isn't yours
  • Social engineering of our staff, clients, or partners
  • Physical access attempts against our facilities or third parties
  • Testing third-party systems we don't own, even if linked from our site

How to report

Email a clear description, steps to reproduce, and impact assessment to our security contact.

We will not pursue legal action against good-faith researchers who follow this policy.