Home Services Pricing About Blog Get Assessment
Security

Responsible Disclosure Policy

Effective Date: May 26, 2026 · Last Updated: May 26, 2026

At Amity Cyber Resolved, we take the security of our systems and our clients' trust seriously. We welcome and appreciate the efforts of security researchers who help us identify vulnerabilities in our own infrastructure. This policy provides guidelines for conducting security research and reporting vulnerabilities to us.

1. Scope

✅ In Scope

  • amitycyberesolved.com (main website)
  • API endpoints (*.amitycyberesolved.com/api/*)
  • Admin panel authentication
  • Contact form processing
  • Blog system
  • Session management

🚫 Out of Scope

  • Third-party services (Render, Squarespace, Google Workspace)
  • Social engineering or phishing attacks
  • Denial of Service (DoS/DDoS) attacks
  • Physical security testing
  • Attacks against other users or clients
  • Spam or social media account takeover

2. Guidelines

We ask that security researchers adhere to the following guidelines:

3. How to Report

Please send vulnerability reports to:

Email: security@amitycyberesolved.com

Please include the following in your report:

4. Severity Guidelines

SeverityDescriptionExamples
CriticalFull system compromise or mass data exposureRCE, SQL injection, auth bypass to admin, mass PII exposure
HighSignificant data access or privilege escalationIDOR exposing user data, stored XSS on admin panel, credential leakage
MediumLimited impact requiring user interactionReflected XSS, CSRF on non-critical functions, information disclosure
LowMinimal security impactMissing security headers, verbose errors, clickjacking on non-sensitive pages

5. What We Will Not Accept

The following are generally considered out of scope and will not qualify:

6. Our Response

When you submit a report, here is what you can expect:

7. Safe Harbor

We consider security research conducted in accordance with this policy to be authorized and will not initiate legal action against researchers who comply with these guidelines. If a third party initiates legal action against you for research conducted under this policy, we will make it known that your actions were authorized.

This safe harbor applies only to legal claims under our control and does not bind independent third parties.

8. Rewards

While we do not currently operate a formal paid bug bounty program, we deeply value the work of security researchers. We offer public acknowledgment (with your consent) for valid reports. As we grow, we plan to formalize a bounty program with monetary rewards for qualifying vulnerabilities.

9. Contact

Amity Cyber Resolved LLC
Security Reports: security@amitycyberesolved.com
General Inquiries: hello@amitycyberesolved.com
Website: amitycyberesolved.com