Responsible Disclosure Policy
PRAEON Advisory Inc. welcomes responsible reports of potential website security vulnerabilities.
1. Permitted Research
Good-faith, non-destructive testing limited to identifying and reporting vulnerabilities is permitted only to the extent it does not violate this Policy, disrupt services, access data, or breach applicable law.
2. Prohibited Activity
Do not access, modify, delete, copy, disclose, or exfiltrate data; disrupt systems or services; conduct denial-of-service testing; use malware, ransomware, spyware, or destructive tools; perform phishing, social engineering, or credential attacks; attempt physical attacks; access accounts or systems without authorization; or publicly disclose a vulnerability before PRAEON Advisory Inc. has had a reasonable opportunity to review and remediate it.
3. Reporting
Send reports to: security@praeonadvisory.com
Include affected URL or system; description of the issue; reproduction steps; potential impact; screenshots or proof-of-concept details, if safe to share; and your contact information.
4. No Authorization Beyond This Policy
This Policy does not authorize testing beyond the scope described above.