1. Purpose

At TeamT5, we are dedicated to protecting the security of our customers, partners, and the community. We warmly Sincerely welcome security researchers, experts, or any good-faith third parties to responsibly report potential vulnerabilities or security incidents in our websites, products, or infrastructure. This policy aims to:

  • Provide a clear and transparent reporting channel

  • Protect good-faith researchers from legal liability

  • Improve the security of our products and services together

2. Scope

This policy applies to:

  • Our official websites, cloud services, and infrastructure

  • Our EDR and other cybersecurity products and solutions

  • Any assets related to the company’s information security

3. Out of Scope

We generally will not accept or respond to reports on:

  • SPF / DMARC / DKIM configuration issues

  • Open directory listings without sensitive data

  • HTTP error messages or banner disclosures

  • Client-side issues due to weak user passwords

  • Vulnerabilities requiring physical access

  • Third-party resources or services not managed by us

4. Reporting Process

(1) What to include

  • Name & version of the affected product/service

  • Description and potential impact

  • Steps to reproduce or Proof of Concept (PoC)

  • Your contact email

(2) How to submit

(3) Our process

  • Initial acknowledgment within 72 hours

  • Assessment and fix based on severity

  • After resolution and public advisory, we can credit you (with your consent).

  • 90-day policy: We request you wait 90 days before public disclosure (may adjust based on severity).

(4) CVE process

  • If it meets public criteria, we’ll help request a CVE ID from CNA.

  • We can include you as the discoverer if you agree.

5. Responsible Disclosure Principles

We ask that you:

  • Do not publicly share details before a fix or advisory.

  • Do not exploit the vulnerability to access, leak, or destroy data.

  • Only test to the extent needed to confirm the issue; no destructive testing or persistent backdoors

  • Allow us 90 days to fix the issue (subject to adjustment)

  • Provide clear and detailed reports

6. Legal Statement & Safe Harbor

  • We appreciate every good-faith reporter, and will not claim legal liability for actions of good-faith reporting in accordance with this policy.

  • If a reporter violates the law or intentionally and maliciously exploits a vulnerability, the company reserves the right to hold them legally accountable under applicable civil and criminal laws.

  • This policy does not create a contractual or cooperative relationship; we may revise it as necessary.

7. Contact