Cyber Rebels

  • Mon - Fri : 9:00 -17:00
Neotech-icon-facebook-f Neotech-icon-twitter Neotech-icon-linkedin-in Neotech-icon-instagram
Cyber Rebels logo with padlock design.
Menu
0 £0.00

Have Any Questions?

Book A Call

Get In Touch
breacumb linear4
breacumb linear5
Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

Version: 1.1
Effective date: 6 May 2026
Last reviewed: 6 May 2026

Cyber Rebels takes the security of its website and services seriously, and we appreciate responsible reports that help us identify and address potential issues.

While we take reasonable steps to protect our systems, we recognise that security issues can occasionally arise. This policy explains how potential vulnerabilities can be reported to us, what information helps us assess them, and how those reports are handled.

This policy is intended to support responsible disclosure. It does not authorise active security testing, penetration testing, scanning, exploitation, or attempts to bypass security controls.

Reporting a security issue

If you believe you have identified a security vulnerability affecting the Cyber Rebels website or services, please notify us by email at:

[email protected]

When submitting a report, please provide enough detail to help us understand and assess the issue. This may include:

  • the page, service, or functionality affected
  • a clear description of the issue
  • steps required to reproduce the issue, where applicable
  • any supporting information that may assist our investigation

Please do not include personal data, confidential information, copied data, or information obtained through unauthorised access unless it is strictly necessary to demonstrate the issue.

We ask that reported issues are not disclosed publicly until we have had a reasonable opportunity to review and respond.

Responsible use

When reporting a potential security issue, we expect individuals to act responsibly and in good faith.

This policy is intended to support the responsible reporting of issues discovered through normal use, non-disruptive observation, or accidental discovery. It is not permission to actively test, probe, exploit, or investigate Cyber Rebels systems beyond what is necessary to report the suspected issue.

This policy does not permit or authorise:

  • accessing data that does not belong to you
  • modifying, deleting, copying, extracting, or exfiltrating data
  • disrupting services, systems, or user access
  • using automated scanning tools without permission
  • carrying out denial-of-service activity
  • brute-force testing, credential attacks, or password spraying
  • social engineering, phishing, or attempts to deceive Cyber Rebels staff, clients, suppliers, or users
  • attempting to escalate access or move beyond the issue originally identified
  • testing third-party services, platforms, or systems linked from our website

If you discover information that you should not have access to, stop immediately and report the issue to us.

Scope of this policy

This policy applies to:

  • the Cyber Rebels website
  • systems and services operated directly by Cyber Rebels

It does not apply to:

  • third-party services or platforms linked from our website
  • vulnerabilities affecting client-owned systems
  • physical security issues
  • social engineering or non-technical attacks
  • issues in third-party software, plugins, platforms, or hosting environments that are not controlled directly by Cyber Rebels

Our approach to reports

We will take reasonable steps to:

  • review reported issues
  • assess potential impact and risk
  • determine whether the issue affects Cyber Rebels systems or services
  • take appropriate action based on the nature and severity of the issue

Where appropriate, we may contact the reporter for further information.

The time required to investigate or address a reported issue will vary depending on complexity, severity, and whether third-party providers are involved. We do not guarantee specific response or resolution times.

Rewards and compensation

We genuinely appreciate responsible reports that help us keep the Cyber Rebels website and services secure.

At this stage, Cyber Rebels does not operate a bug bounty programme and does not offer payment, reward, compensation, or reimbursement for vulnerability reports unless this has been agreed in writing in advance.

Submitting a report does not create any entitlement to payment, future work, or any form of commercial engagement. We are still grateful when people take the time to report issues responsibly and in line with this policy.

Legal position

Where a vulnerability is reported responsibly, in good faith, and in line with this policy, Cyber Rebels does not intend to take legal action in relation to the disclosure itself.

This does not affect our rights in respect of any activity that is unlawful, harmful, disruptive, exploitative, or outside the scope of responsible behaviour described in this policy.

This policy does not grant permission to access systems, data, accounts, services, or environments beyond what is necessary to report a suspected issue responsibly.

Changes to this policy

This policy may be updated from time to time to reflect changes to our website, services, or security practices. The current version will always be published on our website.

Contact

Questions relating to this policy can be directed to:

[email protected]

Search

account

cart

  • Cyber Rebels
All category
Shopping cart close