10

Responsible disclosure

Found a vulnerability in our own systems? Help us correct it without increasing risk.

01

Scope

This policy covers services publicly identified as operated by IBCSC. It authorises no action on third-party systems.

  • Test only with your own accounts
  • Minimise data collection
  • Stop if personal data appears
02

Rules of conduct

Do not perform denial of service, social engineering, persistence, data exfiltration or modification.

  • No disruption
  • No premature disclosure
  • Only necessary documentation
03

Reporting

Describe the issue, reproduction steps and impact through our contact form. A dedicated channel will be published at operational launch.

  • Reproduction steps
  • Estimated impact
  • Dedicated channel to come
04

Coordination

We favour good-faith exchange and coordinated publication. This policy is neither a bounty nor general legal immunity.

  • Good-faith exchange
  • Coordinated publication
  • No bounty or immunity