1. Purpose
At TeamT5, we are dedicated to protecting the security of our customers, partners, and the community. We warmly Sincerely welcome security researchers, experts, or any good-faith third parties to responsibly report potential vulnerabilities or security incidents in our websites, products, or infrastructure. This policy aims to:
Provide a clear and transparent reporting channel
Protect good-faith researchers from legal liability
Improve the security of our products and services together
2. Scope
This policy applies to:
Our official websites, cloud services, and infrastructure
Our EDR and other cybersecurity products and solutions
Any assets related to the company’s information security
3. Out of Scope
We generally will not accept or respond to reports on:
SPF / DMARC / DKIM configuration issues
Open directory listings without sensitive data
HTTP error messages or banner disclosures
Client-side issues due to weak user passwords
Vulnerabilities requiring physical access
Third-party resources or services not managed by us
4. Reporting Process
(1) What to include
Name & version of the affected product/service
Description and potential impact
Steps to reproduce or Proof of Concept (PoC)
Your contact email
(2) How to submit
Email: psirt@teamt5.org or teamt5_csirt@teamt5.org
Use “[Vulnerability Report]” as the subject
(3) Our process
Initial acknowledgment within 72 hours
Assessment and fix based on severity
After resolution and public advisory, we can credit you (with your consent).
90-day policy: We request you wait 90 days before public disclosure (may adjust based on severity).
(4) CVE process
If it meets public criteria, we’ll help request a CVE ID from CNA.
We can include you as the discoverer if you agree.
5. Responsible Disclosure Principles
We ask that you:
Do not publicly share details before a fix or advisory.
Do not exploit the vulnerability to access, leak, or destroy data.
Only test to the extent needed to confirm the issue; no destructive testing or persistent backdoors
Allow us 90 days to fix the issue (subject to adjustment)
Provide clear and detailed reports
6. Legal Statement & Safe Harbor
We appreciate every good-faith reporter, and will not claim legal liability for actions of good-faith reporting in accordance with this policy.
If a reporter violates the law or intentionally and maliciously exploits a vulnerability, the company reserves the right to hold them legally accountable under applicable civil and criminal laws.
This policy does not create a contractual or cooperative relationship; we may revise it as necessary.
7. Contact
Email: psirt@teamt5.org or teamt5_csirt@teamt5.org