Security

Vulnerability Disclosure

We value the work of security researchers. If you believe you have found a vulnerability in our website or services, we want to hear from you.

Template — for review. Confirm the response targets and safe-harbor wording with legal counsel, and create the [email protected] mailbox, before publishing.

Last updated: [ date ]

1. Our commitment

Secured Wall practices what we advise our clients: we welcome good-faith security research and coordinated disclosure. We will work with you to understand, validate, and remediate any legitimate issue you report.

2. Scope

This policy covers www.securedwall.com and services operated by Secured Wall. If you are unsure whether a system is in scope, ask us first at the address below.

3. How to report

Email [email protected] (also published in our security.txt). Please include: a description of the issue, the affected URL or system, steps to reproduce, and any proof-of-concept detail. Encrypted reports are welcome — request our key at the same address.

4. What to expect

We aim to acknowledge your report within three business days, keep you informed as we validate and remediate, and — with your permission — credit you once the issue is resolved. We do not currently operate a paid bug-bounty program.

5. Rules of engagement

To keep research safe for everyone: do not disrupt services or degrade availability (no denial-of-service testing); do not use social engineering, phishing, or physical intrusion; access only the minimum data needed to demonstrate the issue, and do not view, modify, or retain data belonging to others; stop testing and report immediately if you encounter personal or sensitive data.

6. Safe harbor

We will not pursue legal action against research conducted in good faith and in line with this policy. We consider such research authorized, and we will say so if a third party raises a claim relating to it.

7. Active incidents

This channel is for vulnerability reports. If your organization is experiencing an active security incident, use our incident response contacts instead.