At Core Strategic LLC, security is a top priority. We are committed to protecting the confidentiality, integrity, and availability of our systems and data. We recognize the valuable role that security researchers and members of the public play in helping us maintain a secure environment.
This policy describes how to responsibly report security vulnerabilities and how Core Strategic will respond.
This policy applies to:
All Core Strategic LLC websites, applications, products, and services.
Any data or systems owned, operated, or maintained by Core Strategic.
This policy does not authorize security research or testing against third-party services or systems that are not owned or operated by Core Strategic.
If you believe you have discovered a security vulnerability, we request that you:
Email us at: security@corestrategic.com
Include details such as:
A description of the vulnerability.
Steps to reproduce the issue.
Potential impact.
Any proof-of-concept code, if available.
Provide your contact information so we can reach you for follow-up.
By participating, you agree to:
Act in good faith to avoid privacy violations, data destruction, or disruption of our services.
Not access, modify, or delete data that does not belong to you.
Not use automated scanners or denial-of-service tools against our systems.
Give Core Strategic reasonable time (90 days) to investigate and remediate the issue before publicly disclosing.
Comply with applicable laws.
Researchers who follow these guidelines shall not be subject to legal action by Core Strategic.
If you report a vulnerability in accordance with this policy:
We shall acknowledge your report within 7 business days.
We shall provide updates on the status of remediation.
We shall notify you when the vulnerability has been resolved.
With your permission, we may provide public recognition for your contribution.
At this time, Core Strategic does not operate a monetary bug bounty program, but we highly value and respect all responsible disclosures.
Core Strategic LLC will not pursue legal action against individuals who:
Engage in testing that is consistent with this policy.
Make a good faith effort to report vulnerabilities.
Avoid harming Core Strategic, its users, or its data.