Vulnerability Policy

🛡️ Vulnerability Disclosure Policy (VDP)

SECMONS is committed to maintaining a safe, secure, and resilient online environment.
We value the important work performed by independent security researchers and responsible reporters who help improve user safety.

This Vulnerability Disclosure Policy describes how to report potential security issues and how we handle submissions in a structured, responsible, and ethical manner.


1. Purpose of This Policy

The purpose of this VDP is to:

  • provide a clear channel for reporting security concerns
  • promote responsible and coordinated disclosure
  • reduce risk to users, systems, and data
  • encourage good-faith security research
  • establish safe, predictable communication expectations

This policy does not authorize or permit any activity that may violate law, disrupt services, or compromise user data.

For legal details, read:
👉 Terms of Service
👉 Disclaimer


2. Scope of Reporting

You may report potential security vulnerabilities related to:

  • the SECMONS website
  • SECMONS content delivery systems
  • publicly accessible SECMONS assets
  • misconfigurations that create meaningful security risk
  • broken access controls
  • unintended information exposure
  • authentication or session-handling weaknesses
  • other significant security concerns

If you’re unsure whether something is in scope, you may still submit a report — we will review it.


3. Out-of-Scope Items

The following are not considered vulnerabilities under this policy:

  • purely cosmetic issues
  • broken design elements
  • missing security headers that do not create meaningful risk
  • 404 pages, DNS records, or public file listings
  • rate limiting or CAPTCHAs
  • social engineering attempts (e.g., phishing SECMONS staff)
  • denial-of-service (DoS / DDoS) attacks
  • brute-force attacks
  • scanning that generates excessive traffic
  • physical security issues
  • third-party services or platforms we do not control

Attempting these actions is not permitted and may violate law or provider terms.


4. Rules for Good-Faith Research

Researchers must follow all of these principles to ensure safe, responsible reporting:

✔ Do not exploit vulnerabilities

Stop testing once you confirm the issue exists.

✔ Do not access or attempt to access user data

This includes accounts, private information, backups, and operational systems.

✔ Do not change, delete, or disrupt data

Preserve system integrity at all times.

✔ Do not perform actions that degrade service

This includes load testing, fuzzing at scale, or DoS.

✔ Avoid privacy violations

Use only testing accounts and publicly available information.

✔ Act in good faith

Your goal should be to improve security — never to harm or disrupt.

These rules protect both the researcher and SECMONS.


5. Reporting a Vulnerability

Please include as much detail as possible:

  • clear description of the issue
  • how it can be reproduced
  • tools or methods used
  • screenshots or proof-of-concept steps (non-destructive only)
  • recommended mitigation if available
  • your contact information for follow-up

Submit reports via our contact channel:
👉 Contact & Press

You may also choose to report anonymously, though we may not be able to follow up with additional questions.


6. What You Can Expect From Us

When a valid report is submitted in good faith, SECMONS will:

  • acknowledge your submission
  • assess the issue’s impact and severity
  • communicate the status of the investigation
  • resolve the issue based on priority
  • issue updates after changes are made

While we deeply appreciate contributions from the community, we do not offer monetary rewards (no bug bounty program) at this time.

Researchers may be recognized publicly only with their explicit permission.


This VDP does not create contractual guarantees, legal safe-harbor protection, or authorization to perform prohibited activities.
All testing must comply with applicable laws and regulations in your jurisdiction.

However, if you act:

  • in good faith
  • responsibly
  • without exploitation
  • without accessing or damaging data

…then SECMONS will consider your actions as ethical, cooperative research intended to improve user security.


8. Updates to This Policy

This policy may evolve over time to reflect:

  • new technologies
  • updated legal requirements
  • improved processes
  • user feedback
  • operational changes

The latest version will always remain available on this page.