
Vulnerability Disclosure Policy

1. Public Reporting Channel

We encourage responsible security researchers and members of the public to report suspected vulnerabilities in our IT systems and services. Reports may be submitted via:

  • Email: abuse@highcaptech.com
    We allow anonymous submissions. Contact information may be requested for follow-up but is not required.

2. Scope of Policy

This policy covers all internet-accessible products, services, applications, and systems operated or managed by Highcap Technologies. If you are unsure whether a system is eligible, please contact us before beginning research.

Excluded systems: No systems are excluded at this time.

3. Authorization for Researchers

We authorize good-faith research and reporting under this policy. If you comply with the guidelines herein, Highcap Technologies will not pursue legal action. Should third parties initiate legal action against activities performed in accordance with this policy, we will make this authorization known.

4. Reporting and Handling Procedures

  • Please submit a report that includes:
    • System/product name and version
    • Description of the vulnerability and its impact
    • Steps to reproduce or identify the vulnerability
    • (Optional) Screenshots, logs, or other supporting evidence
    • (Optional) CVE/CWE reference if known

Upon receiving your report, we will:

  • Acknowledge receipt within three (3) business days
  • Assess and triage the report
  • Communicate progress and—when appropriate—the resolution outcome

5. Remediation and Response Timeline

We aim to validate and remediate reported vulnerabilities within ninety (90) calendar days. We may provide updates on status and expected completion.

We ask that you:

  • Provide us a reasonable period (minimum 90 days) before any public disclosure of the vulnerability
  • Discontinue testing if sensitive data is discovered, and include in your report a description of the kind of data found (do not submit the data itself)

6. Safe Harbor and Legal Protections

Security researchers acting in accordance with this policy are protected from legal and regulatory action by Highcap Technologies. This protection does not apply to malicious actions, data exfiltration, persistent command-line access, disruption of production systems, or exploitation beyond what is needed to confirm a vulnerability.

Additional Guidance

All research should minimize impact:

  • Avoid privacy violations and degradation of user experience
  • Only exploit vulnerabilities to the extent needed for proof
  • Do not pivot to other systems or exfiltrate data