Vulnerability Disclosure
We appreciate your efforts to help keep our services secure. If you believe you have discovered a vulnerability in any Red Citadel system, please report it responsibly to security [at] redcitadel.co.uk or via our website contact form.
Responsible Disclosure Guidelines
When reporting, please:
- Avoid actions that could harm data, disrupt systems, or affect other users.
- Provide sufficient detail so we can reproduce and assess the issue (CVSS scoring is welcome).
- Allow us a reasonable timeframe to investigate and remediate before public disclosure.
- Refrain from activities such as social engineering, phishing, or physical testing.
Our Commitment to You
Upon receiving your report, we will:
- Acknowledge receipt promptly.
- Work with you to validate and resolve the issue.
- Provide an estimated remediation timeframe based on severity.
- Notify you once resolved and, if you wish, invite you to retest.
- Credit you publicly in our release notes (unless you prefer to remain anonymous).