Security Policy

Vulnerability Disclosure and Security Research Guidelines

Reporting Security Vulnerabilities

We take security seriously and appreciate responsible disclosure. If you discover a security vulnerability in our systems, please report it to us through the following channels:

  • Primary Contact: disclosure@ravencybersec.com
  • Alternative Contact: security@ravencybersec.com
  • General Inquiries: info@ravencybersec.com
  • Encrypted Communication: Use our PGP key for sensitive communications

Response Timeline

We are committed to responding to security reports promptly:

  • Initial Response: Within 48 hours of report submission
  • Status Updates: Weekly updates on investigation progress
  • Resolution: As quickly as possible, typically within 30 days

What We Expect

To ensure a smooth and effective security research process:

  • Provide clear, detailed descriptions of vulnerabilities
  • Include steps to reproduce the issue
  • Respect our systems and avoid causing damage
  • Allow reasonable time for fixes before public disclosure
  • Act in good faith and with professional conduct

What You Can Expect

We commit to treating security researchers with respect and professionalism:

  • Confidential handling of your report
  • Regular communication throughout the process
  • Recognition in our security acknowledgments (if desired)
  • No legal action for good-faith security research
  • Collaboration on responsible disclosure timeline

Out of Scope

The following activities are not covered under this policy:

  • Social engineering attacks
  • Physical security testing
  • Denial of service attacks
  • Testing on third-party services we use
  • Any activity that could cause harm to our users or systems

Recognition

We believe in recognizing security researchers who help improve our security posture. With your permission, we will:

  • List your name in our security acknowledgments
  • Provide a certificate of appreciation
  • Consider additional recognition for significant findings

Legal Safe Harbor

We provide legal safe harbor for security research conducted in accordance with this policy. We will not pursue legal action against researchers who:

  • Act in good faith and follow this policy
  • Do not access or modify data beyond what is necessary
  • Do not cause harm to our systems or users
  • Report vulnerabilities responsibly

Contact Information

For security-related communications: