Cyber Emergency

Responsible Disclosure Policy

  • Home
  • Responsibile Disclosure Policy
CyberXperts.ai

Responsible Disclosure Policy

At CyberXperts.ai, security is the foundation of everything we do. As a cyber security services provider, we recognise the important role that independent security researchers, ethical hackers, and responsible users play in helping identify vulnerabilities that may impact the confidentiality, integrity, or availability of systems.

This Responsible Disclosure Policy outlines how to report potential security vulnerabilities related to CyberXperts.ai systems, websites, or services, and describes the expectations and protections for those who report issues responsibly and in good faith.

“Responsible disclosure is a partnership between organisations and the security community — built on trust, transparency, and professionalism.”

CyberXperts.ai Security Governance Approach

1. Purpose of This Policy

The purpose of this policy is to:

  • Encourage responsible reporting of security vulnerabilities
  • Provide clear guidance on how to submit vulnerability reports
  • Define acceptable testing and research activities
  • Protect researchers acting in good faith
  • Ensure vulnerabilities are resolved efficiently and safely

This policy applies to all CyberXperts.ai-owned systems, websites, applications, and digital assets unless explicitly stated otherwise.

2. Scope of Systems Covered

This Responsible Disclosure Policy applies to:

  • The CyberXperts.ai website (https://cyberxperts.ai)
  • Public-facing web applications operated by CyberXperts.ai
  • Supporting infrastructure directly controlled by CyberXperts.ai

Third-party platforms, client systems, or external services are not covered under this policy unless explicitly authorised in writing.

3. What We Consider a Security Vulnerability

A security vulnerability is any weakness that could be exploited to compromise system security, data confidentiality, integrity, or availability. Examples include (but are not limited to):

  • Authentication or authorisation bypass
  • Remote code execution
  • SQL injection or command injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Insecure direct object references
  • Misconfigured access controls
  • Exposure of sensitive information

Reports should include sufficient detail to allow our security team to reproduce and assess the issue.

4. What Is NOT Considered a Vulnerability

The following are generally not considered valid security issues under this policy:

  • Denial-of-service (DoS) or distributed DoS testing
  • Social engineering, phishing, or physical security attacks
  • Spam-related issues
  • Issues requiring unlikely or unrealistic user interaction
  • Vulnerabilities in outdated browsers or unsupported platforms

Automated scanning without prior authorisation is discouraged and may result in reports being rejected.

5. Guidelines for Responsible Testing

We ask that all researchers adhere to the following principles:

  • Act in good faith and avoid privacy violations
  • Do not access, modify, or delete user data
  • Do not disrupt services or degrade performance
  • Limit testing to what is necessary to demonstrate the issue
  • Do not exploit vulnerabilities beyond proof-of-concept

Any activity that causes harm, data loss, or service disruption may result in legal action.

6. How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please report it responsibly by contacting us via:

Email: support@cyberXperts.ai

Please include the following information in your report:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Screenshots or proof-of-concept (if applicable)
  • Your contact information (optional but recommended)

7. Our Commitment to Researchers

CyberXperts.ai commits to:

  • Acknowledge receipt of vulnerability reports within a reasonable timeframe
  • Investigate and validate reported issues responsibly
  • Work toward remediation in a timely manner
  • Maintain open and respectful communication

We do not offer a formal bug bounty program at this time unless explicitly stated otherwise.

8. Legal Safe Harbour

We consider security research conducted in accordance with this policy to be authorised. We will not pursue legal action against individuals who:

  • Act in good faith
  • Follow the guidelines outlined in this policy
  • Do not exploit vulnerabilities for personal gain
  • Do not publicly disclose vulnerabilities before remediation

This safe harbour does not apply to activities that are malicious, reckless, or outside the scope of this policy.

9. Disclosure & Public Communication

Public disclosure of vulnerabilities should only occur after:

  • The issue has been validated and resolved, or
  • Explicit written permission has been granted by CyberXperts.ai

Coordinated disclosure timelines may be agreed upon on a case-by-case basis.

10. Policy Changes

CyberXperts.ai reserves the right to update or modify this Responsible Disclosure Policy at any time. Changes will be published on this page, and continued interaction with our systems constitutes acceptance of the revised policy.