Vulnerability Disclosure

At Cyluki Security Ltd, we are deeply committed to safeguarding the security and privacy of our systems, clients, and the wider community. In our pursuit of excellence, we recognize the invaluable contributions of ethical researchers and security professionals in identifying potential vulnerabilities. Transparency, collaboration, and proactive action form the foundation of our approach to cybersecurity, ensuring the continuous protection of our digital assets and those of our clients.

We welcome and appreciate responsible disclosure of vulnerabilities to help us enhance our security posture and deliver on our mission to provide top-tier cybersecurity solutions. Together, we can build a more secure digital landscape.

How to Report a Vulnerability

If you believe you’ve discovered a security vulnerability in any of our systems or services, we encourage you to report it to us responsibly. Please follow the steps below:

  1. Email Your Report:
    Send an email to contact@cylukisecurity.co.uk with the subject line: Security Vulnerability Report.

  2. Include the Following Details:

    • A clear description of the vulnerability.

    • Steps to reproduce the issue.

    • Any supporting evidence, such as screenshots, logs, or proof-of-concept code.

    • Your contact information (optional, if you'd like updates on your report).

Scope

The following systems and services are in scope for vulnerability reporting:

  • Client Portals and Applications: Any platforms hosted by Cyluki Security Ltd.

Out of scope:

  • Social engineering attacks (e.g., phishing staff).

  • Physical security vulnerabilities.

  • Third-party services or applications not managed by Cyluki Security Ltd.

Our Commitment to You

We are dedicated to treating your vulnerability report with the utmost professionalism and confidentiality. When you submit a report:

  • We will acknowledge receipt of your report within 2 business days.

  • We will provide an initial assessment of your report within 5 business days.

  • We will work diligently to resolve the issue and keep you updated on our progress.

Safe Harbor Statement

We pledge not to pursue legal action against individuals who report vulnerabilities in good faith and adhere to this policy. Your responsible actions help us maintain and enhance the security of our systems.

Frequently Asked Questions (FAQs)

  1. Can I publicly disclose the vulnerability?

  2. We kindly ask that you refrain from disclosing the vulnerability publicly until we’ve had the opportunity to investigate and resolve the issue. We’ll keep you informed throughout the process and will work with you to determine an appropriate timeline for disclosure, if applicable.

  3. Will I receive recognition for my report?
    If you wish, we are happy to acknowledge your contribution on our website or in our reports. Please let us know in your report if you’d like to be credited.

  4. What should I do if I’m unsure whether an issue is in scope?
    Feel free to reach out to us at contact@cylukisecurity.co.uk with your questions. We’re happy to clarify and guide you on whether the issue falls within scope.

Let’s Work Together to Stay Secure

At Cyluki Security Ltd, we believe that collaboration is key to building a safer digital world. We appreciate your efforts in helping us secure our systems and protect our clients’ digital assets. Thank you for your support and dedication to responsible cybersecurity practices.

For any further questions or clarifications, don’t hesitate to reach out to us at contact@cylukisecurity.co.uk.