Legal

Security & Vulnerability Disclosure Policy

Effective date: July 6, 2026 · Last reviewed: July 6, 2026

As a cybersecurity services provider, Shiryon holds itself to the same standard we advocate for our clients. If you believe you have found a security vulnerability affecting our own website or infrastructure, we want to hear from you, and we commit to working with good-faith researchers in a respectful, non-adversarial way.

1. Our Commitment

2. Scope

In scope for this policy:

Out of scope:

3. Rules of Engagement

4. How to Report

Send a report to [TBC — insert security/VDP contact email, e.g. security@[domain]] including:

[TBC — if a PGP key is available for encrypted reports, publish its fingerprint and a link to the public key here].

5. What Happens Next

  1. We acknowledge your report and assign it a severity rating.
  2. We investigate and validate the finding, contacting you if we need more information.
  3. We develop and deploy a remediation, and let you know once it is resolved.
  4. Where appropriate and with your permission, we credit researchers who report valid, previously unknown issues (see Section 6).

6. Coordinated Disclosure & Recognition

We ask that you give us a reasonable opportunity to investigate and remediate a reported issue before any public disclosure — typically [TBC — insert target remediation/disclosure window, e.g. 90 days] from acknowledgment, subject to extension for complex issues by mutual agreement. With your permission, we are happy to publicly credit researchers who responsibly report a valid, previously unreported vulnerability.

7. Safe Harbor

Activity conducted in good faith and in accordance with this policy is considered authorized. We will not initiate legal action, and will work to prevent legal action from being taken by others, in connection with research conducted consistently with this policy. This safe harbor applies only to the scope defined in Section 2 and only where the Rules of Engagement in Section 3 are followed.

8. Contact

Security reports: [TBC — insert security/VDP contact email]. General questions about this policy: [TBC — insert general contact email].