Responsible Disclosure

Committed to transparency and collaboration. Discover how we responsibly handle vulnerability reports.

We welcome feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect from you, and what you can expect from us.


Note: This is not a bug bounty program. We currently do not offer financial rewards.

In Scope

This policy applies to all digital assets owned, operated, or maintained by Vulnersight:

  • vulnersight.tilabs.co

  • app.vulnersight.tilabs.co

Any assets not listed above are considered out of scope.

How to Report a Vulnerability

Please report potential security vulnerabilities via email to:

security@tilabs.id

Include as much relevant information as possible, such as:

  • Affected domain, endpoint, or module

  • Step-by-step instructions to reproduce the issue

  • Type or category of the vulnerability (e.g., XSS, Path Traversal, IDOR)

  • Proof of Concept

  • Potential impact of the vulnerability

Submissions lacking sufficient detail or clarity may not be processed.

Our Commitment

When you follow this policy and report a vulnerability in good faith, Vulnersight will:

  • Acknowledge your report within 5 business days

  • Work with you to understand and validate the report

  • Provide updates on progress and resolution

  • Address confirmed vulnerabilities in a timely manner

  • Offer recognition (e.g., Hall of Fame listing or Vulnersight swag) where appropriate

  • Not pursue legal action if your research complies with this policy

Rules of Engagement

To participate in this program, you must:

  • Avoid violating privacy or accessing data that is not yours

  • Never attempt denial-of-service (DoS), spam, or brute-force attacks

  • Refrain from any form of social engineering (e.g., phishing, impersonation)

  • Never disclose vulnerabilities publicly without our written consent

  • Stop testing if unsure and contact us before proceeding

  • Not use automated scanners without analyzing and validating findings

  • Not leave systems in a more vulnerable state than you found them

  • Respect our users, infrastructure, and services during all testing activities

Safe Harbor

If your security research is conducted in compliance with this policy:

  • It will be considered authorized

  • We will not pursue legal action against you

  • If third parties initiate legal action, we will clarify that your actions were in line with our policy

  • This applies only to legal claims under our control and does not apply to third-party systems

We reserve all legal rights in the event of actions taken outside the scope of this policy.

Policy Updates

This policy may be updated at any time. Updates take effect upon posting. By submitting a report, you agree to the latest version of this policy.

Ready to Uncover What Others Miss?

Get started in minutes with automated, intelligent security testing.
