Responsible Disclosure
Effective Date: April 25, 2025
Cyber.Irish is committed to maintaining the security of our systems and safeguarding client data. We welcome and encourage responsible security researchers to report potential vulnerabilities in a safe, coordinated, and respectful manner.
1. Reporting a Vulnerability
If you believe you’ve discovered a vulnerability in any of our systems, services, or applications, please report it promptly by emailing [Loading email...]. Include sufficient details for us to reproduce and validate the issue, such as:
- A clear and concise description of the vulnerability
- Steps to reproduce or a working proof-of-concept (PoC)
- The impact of the issue and affected systems (if known)
- Your contact details (optional, if you wish to be acknowledged)
2. What You Can Expect
We take all submissions seriously and commit to the following process:
- Initial acknowledgment within 5 business days
- Thorough investigation and validation of the reported issue
- Timely resolution or mitigation of confirmed vulnerabilities
3. Guidelines for Responsible Reporting
To ensure your actions remain ethical and within scope, please:
- Avoid accessing, modifying, or deleting data you do not own
- Do not perform actions that may impact the availability of our services (e.g., DDoS)
- Report the issue privately and avoid public disclosure until it is resolved
- Comply with all applicable laws and avoid violating user privacy
4. Scope and Out of Scope Issues
While we welcome reports, the following are generally out of scope unless you can demonstrate significant impact:
- Clickjacking on pages with no sensitive data
- Rate limiting or brute-force findings without practical exploitability
- Missing SPF/DKIM/DMARC configurations unless leading to spoofing risk
- Software version disclosures without known exploits
5. Safe Harbor
We support good-faith security research. If your report follows the guidelines of this policy, we will not pursue legal action against you for your responsible disclosure.
6. Contact
For all responsible disclosure inquiries, email us at: [Loading email...]