Last Updated: March 1, 2026

At CyberGuards, security is at the core of everything we do. We appreciate the security research community and welcome responsible disclosure of vulnerabilities that may affect our website, infrastructure, or services. This page outlines our responsible disclosure policy and how to report security issues to our team.

1. Responsible Disclosure Policy

We believe that working with skilled security researchers is essential to maintaining the security and privacy of our users and systems. If you believe you have discovered a security vulnerability in our website or services, we encourage you to report it to us responsibly.

We ask that you:

• Report promptly: Notify us as soon as practicable after discovering a potential vulnerability
• Provide sufficient detail: Include enough information for us to reproduce and validate the issue, such as the URL, parameters involved, and steps to reproduce
• Allow reasonable time: Give us a reasonable period (minimum 90 days) to investigate and address the issue before making any public disclosure
• Act in good faith: Avoid actions that could negatively impact our users, systems, or data
• Do not exploit: Do not leverage a discovered vulnerability beyond what is necessary to demonstrate the issue

2. Reporting Guidelines

When submitting a vulnerability report, please include the following information:

• Description: A clear and detailed description of the vulnerability, including its type (e.g., XSS, SQL injection, CSRF, SSRF, authentication bypass)
• Location: The affected URL, endpoint, parameter, or component
• Reproduction Steps: Step-by-step instructions to reproduce the vulnerability
• Impact Assessment: Your assessment of the potential impact and severity
• Proof of Concept: Screenshots, HTTP request/response pairs, or a minimal proof-of-concept (avoid destructive PoCs)
• Environment: Your browser, operating system, and any tools used
• Contact Information: A way for us to reach you for follow-up questions

2.1 How to Report

Send your vulnerability report via encrypted email to:

We will acknowledge receipt of your report within 2 business days and provide an initial assessment within 5 business days.

3. Scope

The following systems and services are within the scope of our responsible disclosure policy:

• The CyberGuards website at cyberguards.ai and all subdomains
• CyberGuards web applications and APIs
• CyberGuards email infrastructure

3.1 Out of Scope

The following are considered out of scope and should not be tested or reported:

• Physical security attacks or social engineering of CyberGuards employees
• Denial-of-service (DoS/DDoS) attacks
• Automated vulnerability scanning that generates excessive traffic
• Spam or phishing attacks against CyberGuards users or employees
• Third-party services or applications not owned or controlled by CyberGuards
• Attacks requiring physical access to user devices
• Issues in software or systems not developed or maintained by CyberGuards

4. Safe Harbor Statement

CyberGuards supports the security research community and values good-faith vulnerability research. In alignment with this commitment, we provide the following safe harbor protections:

• No legal action: We will not initiate legal action against researchers who discover and report vulnerabilities in accordance with this policy
• Good faith protection: We consider security research conducted consistent with this policy to be authorized and will not pursue civil or criminal claims against researchers acting in good faith
• CFAA Safe Harbor: We will not bring claims under the Computer Fraud and Abuse Act (CFAA) against researchers who comply with this policy
• DMCA Safe Harbor: We will not bring claims under the Digital Millennium Copyright Act (DMCA) for circumvention of technology controls when conducting authorized security research under this policy
• Law enforcement cooperation: If a third party initiates legal action against you for activities conducted in compliance with this policy, we will take steps to make it known that your actions were authorized

This safe harbor applies only to legal claims under the control of CyberGuards and does not bind independent third parties.

5. What We Commit To

When you report a vulnerability in accordance with this policy, we commit to:

• Acknowledging your report within 2 business days
• Providing an initial assessment and severity rating within 5 business days
• Keeping you informed of remediation progress
• Working to remediate confirmed vulnerabilities in a timely manner
• Crediting you (if desired) when we publicly address the vulnerability
• Not taking legal action against you for good-faith research that follows this policy

6. Bug Bounty Program

We are currently developing a formal bug bounty program to provide monetary rewards for qualifying vulnerability reports. Details including scope, reward tiers, and eligibility criteria will be announced on this page when the program launches.

In the meantime, we greatly appreciate all responsible disclosures and will publicly acknowledge (with your permission) researchers who submit valid vulnerability reports.

To be notified when our bug bounty program launches, email [email protected] with the subject line "Bug Bounty Interest."

7. Security Best Practices

As a cybersecurity company, we practice what we preach. Our security measures include:

• Regular penetration testing and security assessments of our own infrastructure
• Encrypted communications (TLS 1.3) for all web traffic
• Multi-factor authentication for all internal systems
• Regular security awareness training for all team members
• Incident response planning and regular tabletop exercises
• Continuous monitoring and logging of security events
• Principle of least privilege for access controls

8. Contact

For security-related inquiries or vulnerability reports:

• Security Reports: [email protected]
• General Inquiries: [email protected]
• Security.txt: /.well-known/security.txt