
Responsible Vulnerability Disclosure Policy

 
At Trinity Cyber Security (Trinity), security is our top priority. We are committed to safeguarding our systems, clients, and data, and we recognise the crucial role that security researchers and the wider community play in responsibly identifying and reporting vulnerabilities.

If you discover a security vulnerability in our systems, we encourage you to report it to us as soon as possible following the guidelines outlined below.
 

Reporting a Vulnerability

 
If you believe you have found a security issue in our applications, website, or infrastructure, please email us at [email protected] with the following details:

  • A clear description of the vulnerability, including steps to reproduce it.
  • The potential impact of the vulnerability.
  • Any proof-of-concept code, screenshots, or relevant logs.
  • Your contact details for further communication (optional, unless requesting acknowledgement or credit).

 

Guidelines for Responsible Disclosure

 
To ensure a constructive and collaborative process, we ask that you:

  • Do not exploit the vulnerability beyond what is necessary for verification.
  • Do not publicly disclose the vulnerability before we have had reasonable time to address it.
  • Do not access, modify, or delete any data that does not belong to you.
  • Do not use automated tools that could degrade service availability.
  • Comply with all applicable laws and ethical security research standards.

We aim to investigate all reports promptly and work towards a resolution as quickly as possible.
 

Disclosure Timeline

 
We strive to follow a structured timeline for handling vulnerability reports:

  • Acknowledgement: We will acknowledge receipt of your report within 3 business days.
  • Initial Assessment: We will evaluate the vulnerability and its impact within 10 business days.
  • Remediation Plan: If confirmed, we will develop a plan to fix the issue and provide an estimated timeline within 30 business days.
  • Resolution: We aim to resolve critical vulnerabilities within 90 days, depending on complexity and severity.
  • Public Disclosure: If applicable, we will coordinate a responsible public disclosure with the researcher once a fix has been implemented.

 

Recognition & Acknowledgement

 
We deeply appreciate the efforts of responsible security researchers and, where applicable, may offer public acknowledgement, bug bounty rewards, or other incentives for valid reports. However, this is at our discretion and does not imply any financial reward or contractual agreement.
 

Legal Considerations

 
We will not pursue legal action against researchers who act in good faith, follow this policy, and do not cause harm to our users, systems, or data.
 
Thank you for partnering with Trinity Cyber Security to improve security for our clients and the community.