Responsible Disclosure

Report a
Vulnerability

Help us strengthen cybersecurity. Report security vulnerabilities in CyberHawkz products and services through our coordinated vulnerability disclosure program.

24hrs

Avg Response Time

6

Researchers

How It Works

Disclosure Process

Our streamlined process ensures your findings are handled with urgency and professionalism.

01

Submit Report

Fill out the vulnerability disclosure form with technical details.

02

Acknowledgment

Our security team acknowledges receipt within 24 hours.

03

Triage & Validate

We triage, reproduce, and validate the reported vulnerability.

04

Resolution & Reward

We fix the issue and reward you per our bounty program.

Severity Levels

Severity Classification

Bounty rewards are determined by the severity and impact of the reported vulnerability.

Critical

Remote code execution, data breach, full system compromise.

High

Privilege escalation, significant data exposure.

Medium

Limited information disclosure, XSS, CSRF.

Low

Minor info leaks, best practice violations.

Submit a Report

Vulnerability Report

Provide as much detail as possible to help our team triage and validate your finding.

Scope

Scope & Rules

Understand what is and isn't covered under our vulnerability disclosure program.

In Scope

  • Our web applications
  • API endpoints
  • Mobile applications
  • Authentication systems
  • Data storage systems
  • Third-party integrations

Out of Scope

  • Social engineering
  • Physical attacks
  • Denial of service
  • Spam
  • Third-party services not owned by us

Safe Harbor

We commit to not taking legal action against researchers who:

  • Conduct research in good faith and without malicious intent
  • Follow this vulnerability disclosure policy
  • Do not cause harm to our systems, data, or users
  • Report vulnerabilities through proper channels