Vulnerability Disclosure Policy

Effective June 17, 2026

 

Our Commitment

Cyber Defender Solutions welcomes responsible disclosure of security vulnerabilities by security researchers and members of the public. This policy describes how to report a vulnerability and what you can expect from us.

 

Scope

This policy covers vulnerabilities in:

·         cyberdefendersolutions.com and its subdomains

·         Systems and services operated directly by Cyber Defender Solutions

Out of scope:

·         Vulnerabilities in third party services we use, including Squarespace, Stripe, Acuity, Zoom, and Google. Please report these directly to the relevant vendor.

·         Social engineering attacks against our employees or contractors

·         Physical security attacks

·         Denial of service attacks

 

How to Report

Please send your report to indy@cyberdefendersolutions.com with "Vulnerability Disclosure" in the subject line. Please include:

·         A clear description of the vulnerability

·         Steps to reproduce, if possible

·         The potential impact, in your assessment

·         Your name and contact information, so we can follow up

We prefer encrypted email if you have a strong reason for it. Contact us first if you would like to set this up.

 

What You Can Expect From Us

·         We will acknowledge receipt of your report within three business days

·         We will respond with our assessment of the vulnerability and a remediation plan within fifteen business days

·         We will keep you informed of progress as we work to remediate

·         We will credit you in any public disclosure if you wish

 

Safe Harbor

We will not pursue legal action against researchers who:

·         Act in good faith

·         Follow this policy

·         Make a reasonable effort to avoid privacy violations, destruction of data, or interruption of services

·         Do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it

 

No Bounty Program at This Time

We do not currently offer monetary rewards for vulnerability reports. We may offer recognition or thanks at our discretion.

 

Public Disclosure

We prefer coordinated disclosure. We will work with you to agree on a reasonable timeline for public disclosure, typically after a fix is in place or after ninety days, whichever comes first.

 

Contact Us


Cyber Defender Solutions

Email: indy@cyberdefendersolutions.com

Phone: 281-536-9028

Website: cyberdefendersolutions.com

TREC CE Provider: 11348-CEP