Scope
This policy covers services publicly identified as operated by IBCSC. It authorises no action on third-party systems.
- Test only with your own accounts
- Minimise data collection
- Stop if personal data appears
Found a vulnerability in our own systems? Help us correct it without increasing risk.
This policy covers services publicly identified as operated by IBCSC. It authorises no action on third-party systems.
Do not perform denial of service, social engineering, persistence, data exfiltration or modification.
Describe the issue, reproduction steps and impact through our contact form. A dedicated channel will be published at operational launch.
We favour good-faith exchange and coordinated publication. This policy is neither a bounty nor general legal immunity.