Vulnerability Disclosure Policy

At O-Range Cybersecurity Training & Services Ltd., we believe that elite security requires constant vigilance. No system is perfect, and vulnerabilities can emerge. We value collaboration with security researchers and ethical hackers to maintain the highest security standards.

If you've discovered a vulnerability in our systems, we encourage you to report it responsibly. Together, we can strengthen digital defenses and protect our community.

When reporting vulnerabilities to O-Range Cybersecurity, please adhere to the following guidelines:

• We commit to making reasonable efforts to address valid vulnerabilities promptly after notification
• Please refrain from public disclosure until we've had adequate time to resolve the issue (typically 90 days)
• Only use accounts you own or have explicit permission to test
• Make every effort to avoid privacy violations, service disruption, or data destruction
• Provide detailed reports with steps to reproduce the vulnerability
• Do not exploit the vulnerability beyond what's necessary to demonstrate it

Please send vulnerability reports to our security team:

The following activities are excluded from our vulnerability disclosure program:

• Denial-of-service (DoS/DDoS) attacks
• Spamming or social engineering attempts
• Physical security assessments
• Attacks requiring physical access to devices
• UI/UX bugs that don't demonstrate security impact
• Vulnerabilities in third-party services not directly under our control

We consider security research conducted in accordance with this policy to be authorized. We will not initiate legal action against researchers who:

• Make good-faith efforts to avoid privacy violations and service disruption
• Provide reasonable time for remediation before public disclosure
• Do not exploit vulnerabilities beyond proof-of-concept
• Do not exfiltrate data other than what's minimally required

This policy was last updated on . We may update these guidelines as needed, with changes reflected on this page.