RESPONSIBLE DISCLOSURE POLICY

Introduction

At PyneGuard, a product of Pynesec Technologies, the security of our SaaS applications and user data is our top priority. We value the contributions of ethical security researchers and encourage the responsible disclosure of vulnerabilities to enhance our security posture.

Scope

This policy applies to:

  • PyneGuard SaaS application.
  • Associated infrastructure under Pynesec Technologies’ control, including web applications, REST APIs, and mobile applications.
  • All related systems and services owned or operated by Pynesec Technologies.

Please refrain from testing systems outside this scope.

All rights reserved to Pynesec Technologies.

Responsible Disclosure Guidelines

By participating in PyneGuard's VDP, you agree to:

  1. Report vulnerabilities exclusively to [email protected].
  2. Avoid exploiting, modifying, or accessing data beyond what is necessary to demonstrate the issue.
  3. Refrain from public disclosure of vulnerabilities until PyneGuard (and Pynesec) has issued a fix.
  4. Maintain confidentiality regarding discovered vulnerabilities, even after they are resolved.
  5. Ensure that your activities do not disrupt PyneGuard or other Pynesec services or affect our users.

Recognition

We acknowledge the contributions of ethical security researchers:

  • Verified reports of security vulnerabilities will be recognized in the PyneGuard Hall of Fame.
  • No monetary rewards are offered; recognition is via the Hall of Fame only.

Legal Boundaries

By participating in this program, you agree to:

  • Abide by all applicable laws and regulations.
  • Avoid any unauthorized access to systems outside the defined scope.
  • Understand that any attempt to exploit, sell, or publicly disclose vulnerabilities without authorization will result in legal action to the fullest extent permitted by law.

Reporting Process

  1. Identify a potential vulnerability within the defined scope.
  2. Send a detailed report to [email protected] including:
    • Steps to reproduce the issue.
    • Potential impact.
    • Any relevant screenshots or logs.
  3. Pynesec’s security team will review and acknowledge your report.
  4. Once verified and fixed, your contribution will be recognized in the PyneGuard Hall of Fame.

Disclaimer

Participation in this program does not authorize any illegal or unethical activity. All rights are reserved to Pynesec Technologies, and Pynesec reserves the right to take legal action if the guidelines are violated.