Responsible Disclosure Policy

Effective Date: November 30, 2021

At Com-Sec LLC ("Com-Sec," "we," "us," or "our"), we take the security of our systems and the data of our clients seriously. We are committed to addressing security vulnerabilities in a timely and responsible manner. This Responsible Disclosure Policy outlines how to report potential vulnerabilities in our systems and our commitment to resolving such issues.

1. Scope

This policy applies to any digital assets owned, operated, or controlled by Com-Sec, including our website (com-sec.io) and other related online services. If you believe you have found a security vulnerability in our systems, we encourage you to report it in accordance with this policy.

2. Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please follow these guidelines to report it:

  • Email: Send a detailed description of the vulnerability to security@com-sec.io.

  • Include the Following Information:

    • A detailed description of the vulnerability, including the type of issue, the affected system or URL, and the potential impact.

    • Steps to reproduce the vulnerability, including any proof-of-concept or exploit code.

    • Your contact information so we can reach out to you if additional information is needed.

3. Our Commitment

When you report a security vulnerability to us, we commit to:

  • Acknowledgement: Acknowledge receipt of your report within 5 business days.

  • Assessment: Assess the report and determine its validity and impact.

  • Communication: Provide an estimated timeline for addressing the issue, if applicable.

  • Resolution: Work diligently to resolve the reported vulnerability in a timely manner. We will notify you when the issue has been addressed or if further information is required.

4. Safe Harbor

To encourage responsible disclosure, we will not take legal action against you or suspend or terminate your access to our services, provided that you:

  • Comply with this Responsible Disclosure Policy and all applicable laws.

  • Avoid disclosing the vulnerability to any third party until we have resolved the issue.

  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue.

  • Do not conduct any actions that could result in data loss, data corruption, privacy violations, or service disruptions.

5. Out of Scope

The following activities are outside the scope of this policy and should not be attempted:

  • Physical testing of Com-Sec's facilities or infrastructure.

  • Social engineering attacks against Com-Sec employees, contractors, or customers.

  • Denial of Service (DoS) attacks or other actions that could disrupt our services.

  • Automated or manual scanning without prior authorization.

6. No Compensation

We do not offer monetary rewards or bounties for reporting security vulnerabilities. Your contributions to improving our security are appreciated and acknowledged, but they are voluntary.

7. Changes to This Policy

We may update this Responsible Disclosure Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically to stay informed about our approach to security vulnerability reporting.

8. Contact Us

If you have any questions or need clarification on this policy, please contact us at:

Com-Sec LLC
Email: security@com-sec.io
Address: 11710 Old Georgetown Rd, Rockville, MD 20852

Thank you for helping us keep Com-Sec and our clients secure.