Vulnerability Disclosure Policy

1. Introduction

At CyberCrowd Limited, we prioritise the security of our systems and data. We understand that despite our best efforts, vulnerabilities can exist. To address this, we encourage responsible reporting of any weaknesses or vulnerabilities discovered in our systems. This policy provides guidelines for submitting such reports and outlines our commitment to working with security researchers.

2. Scope

This policy applies to any security vulnerabilities discovered within any digital assets owned, operated, or maintained by CyberCrowd.

3. How to Report a Vulnerability

· Contact Information: Please report vulnerabilities by sending an email to Optionally, provide a secure way for us to contact you (e.g., encrypted email, phone number).

· Information to Include: Provide a clear description of the vulnerability, including the URL and the potential impact. If possible, include steps to reproduce the issue, which will help us to resolve it more quickly.

4. Commitment from Us

· No Legal Action: We pledge not to initiate legal action against researchers who report vulnerabilities following these guidelines and in good faith.

· Confidentiality: We will keep all vulnerability reports confidential and will not disclose reporters’ identities without consent.

· Acknowledgement: We will acknowledge receipt of your report within 72 hours

· Communication: We commit to timely communication throughout the vulnerability investigation process.

5. Safe Harbour

We support safe and responsible vulnerability research. While we cannot authorize testing on all systems, we will not pursue legal action against those who act in good faith and responsibly, following this policy’s guidelines.

6. Exclusions from Safe Harbour

Activities not conducted in accordance with this policy will be considered unauthorised and potentially illegal. This includes:

· Testing that involves downloading more data than necessary to demonstrate the vulnerability.

· Social engineering or physical attacks against our employees, users, or infrastructure.

· Any actions that disrupt or damage our services or data.

7. Policy Updates

We may modify this policy at any time. We encourage you to review it periodically.

8. Contact Information

For further questions about this policy, please contact