Vulnerability Disclosure Policy
Effective June 17, 2026
Our Commitment
Cyber Defender Solutions welcomes responsible disclosure of security vulnerabilities by security researchers and members of the public. This policy describes how to report a vulnerability and what you can expect from us.
Scope
This policy covers vulnerabilities in:
· cyberdefendersolutions.com and its subdomains
· Systems and services operated directly by Cyber Defender Solutions
Out of scope:
· Vulnerabilities in third party services we use, including Squarespace, Stripe, Acuity, Zoom, and Google. Please report these directly to the relevant vendor.
· Social engineering attacks against our employees or contractors
· Physical security attacks
· Denial of service attacks
How to Report
Please send your report to indy@cyberdefendersolutions.com with "Vulnerability Disclosure" in the subject line. Please include:
· A clear description of the vulnerability
· Steps to reproduce, if possible
· The potential impact, in your assessment
· Your name and contact information, so we can follow up
We prefer encrypted email if you have a strong reason for it. Contact us first if you would like to set this up.
What You Can Expect From Us
· We will acknowledge receipt of your report within three business days
· We will respond with our assessment of the vulnerability and a remediation plan within fifteen business days
· We will keep you informed of progress as we work to remediate
· We will credit you in any public disclosure if you wish
Safe Harbor
We will not pursue legal action against researchers who:
· Act in good faith
· Follow this policy
· Make a reasonable effort to avoid privacy violations, destruction of data, or interruption of services
· Do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it
No Bounty Program at This Time
We do not currently offer monetary rewards for vulnerability reports. We may offer recognition or thanks at our discretion.
Public Disclosure
We prefer coordinated disclosure. We will work with you to agree on a reasonable timeline for public disclosure, typically after a fix is in place or after ninety days, whichever comes first.
Contact Us
Cyber Defender Solutions
Email: indy@cyberdefendersolutions.com
Phone: 281-536-9028
Website: cyberdefendersolutions.com
TREC CE Provider: 11348-CEP