KOM Consulting – Responsible Vulnerability Disclosure Policy

Last Updated: January 2026

1. Purpose
KOM Consulting is committed to protecting the confidentiality, integrity, and availability of our systems, services, and client data. This Responsible Vulnerability Disclosure Policy establishes a clear, good‑faith process for security researchers and the public to report potential security vulnerabilities to us.

2. Scope
This policy applies to all public‑facing online services operated by KOM Consulting, and systems explicitly owned or managed by KOM Consulting.

3. Reporting a Vulnerability
Email: [email protected]
Include description, reproduction steps, tools used, and optional contact info.

4. What You Can Expect From Us
We will acknowledge reports within 5 business days, investigate, provide updates, and remediate validated issues promptly.

5. Safe Harbor
Good‑faith security research is welcomed. We will not pursue legal action for accidental or non‑malicious violations conducted within policy guidelines.

6. Prohibited Activities
No exploitation beyond confirmation, no data access, no service disruption, no social engineering, and no public disclosure without coordination.

7. Vulnerability Handling Process
We follow structured remediation aligned with our internal vulnerability management policies.

8. Recognition
With permission, researchers may be acknowledged publicly.

9. Policy Updates
KOM Consulting may update this policy periodically.

10. Contact
Email: [email protected]
Website: https://www.komconsulting.com