Responsible Disclosure Policy

At imizicyber, we take security seriously -- not only for our clients, but for our own systems as well. We welcome and appreciate security researchers who take the time to report vulnerabilities responsibly.

Scope

This policy applies to the following assets owned and operated by IMIZI Cyber Consulting Ltd:

• imizicyber.com and all subdomains
• Any publicly accessible services or APIs operated by imizicyber

How to report a vulnerability

Please send your report to security@imizicyber.com. We strongly encourage you to encrypt your report using our PGP public key.

Your report should include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• The potential impact of the vulnerability
• Any proof-of-concept code, screenshots, or logs (if applicable)
• Your contact information for follow-up

What to expect

• Acknowledgement: We will acknowledge receipt of your report within 48 hours
• Triage: We will assess the report and provide an initial severity rating within 5 business days
• Updates: We will keep you informed of our progress towards remediation
• Resolution: We will notify you when the vulnerability has been fixed

Our commitments

• We will not take legal action against researchers who follow this policy
• We will work with you to understand and resolve the issue
• We will credit you (if desired) when we disclose the vulnerability
• We will respond to your report in a timely manner

Rules of engagement

We ask that you:

• Do not access, modify, or delete data that does not belong to you
• Do not perform denial-of-service attacks
• Do not perform social engineering attacks against our staff
• Do not publicly disclose the vulnerability until we have had a reasonable opportunity to remediate
• Make a good-faith effort to avoid privacy violations and disruption to our services

Thank you for helping us keep our systems and our clients secure.