Responsible Disclosure Policy
Last updated: May 9, 2025
Our commitment to working with security researchers to keep Frostcloud secure through responsible vulnerability disclosure.
We know that no system is perfect — that's why we value researchers and ethical hackers who help us keep Frostcloud secure. If you find a vulnerability, we want to hear about it — the right way.
Send your report to [email protected] with a clear description, reproduction steps, and optional proof-of-concept. If it's sensitive, encrypt it with our PGP key (available on the about us page for any team member!).
We aim to acknowledge submissions within 3 business days and patch verified vulnerabilities quickly. We kindly ask that you don't publicly disclose issues until we've resolved them, and that you avoid testing methods that could harm systems or data (like DDoS or social engineering).
Follow our rules, act in good faith, and we promise legal safe harbor and a spot on our upcoming Security Hall of Fame. Responsible disclosure makes the internet safer for everyone — and we're here for it.
Send your report to [email protected] with a clear description, reproduction steps, and optional proof-of-concept. If it's sensitive, encrypt it with our PGP key (available on the about us page for any team member!).
We aim to acknowledge submissions within 3 business days and patch verified vulnerabilities quickly. We kindly ask that you don't publicly disclose issues until we've resolved them, and that you avoid testing methods that could harm systems or data (like DDoS or social engineering).
Follow our rules, act in good faith, and we promise legal safe harbor and a spot on our upcoming Security Hall of Fame. Responsible disclosure makes the internet safer for everyone — and we're here for it.