Vulnerability Disclosure Program

Help Us Strengthen Security - Report Vulnerabilities Responsibly

At Gray Beard Cybersecurity, protecting sensitive data and critical systems is our top priority. We recognize the value that security researchers, ethical hackers, and cybersecurity professionals bring in identifying vulnerabilities before malicious actors can exploit them. That's why we've established our Vulnerability Disclosure Program (VDP)—a structured way for you to report security issues responsibly and ethically.

Why Your Help Matters

No system is perfect, and even with rigorous security measures in place, vulnerabilities can arise. By working together, we can proactively strengthen security, protect sensitive information, and maintain trust in the cybersecurity community. Your efforts help us:
  • Identify and remediate security flaws before they can be exploited.
  • Protect government, defense, and private-sector partners that rely on our services.
  • Foster a culture of transparency, collaboration, and continuous improvement.

How to Report a Vulnerability

If you discover a potential security issue, we encourage you to report it by following these steps:
  1. Review Our Guidelines - Before submitting a report, ensure your findings align with our disclosure policy.
  2. Submit Your Findings - Provide a detailed report including:
    • A clear description of the vulnerability.
    • Steps to reproduce the issue.
    • Any potential impact on security.
    • Suggested mitigation or remediation strategies (if applicable).
  3. Allow Time for Investigation - Our security team will acknowledge your submission, investigate the issue, and keep you updated on our progress.
  4. Responsible Disclosure - We ask that you do not publicly disclose vulnerabilities until we have had the opportunity to remediate them.

Scope of the Vulnerability Disclosure Program

We are particularly interested in vulnerabilities that impact:
  • Gray Beard Cybersecurity's public-facing websites, applications, and infrastructure.
  • Systems handling Controlled Unclassified Information (CUI) or other sensitive data.
  • Security controls related to NIST 800-171, CMMC, FedRAMP, and ISO 27001 compliance.

Out-of-Scope Issues:

  • Social engineering or phishing attacks.
  • Physical security concerns.
  • Denial of Service (DoS) attacks.
  • Vulnerabilities in third-party software that we do not control.

Recognition & Ethical Collaboration

We deeply appreciate the efforts of security researchers who help improve our defenses. While we do not offer financial rewards at this time, we recognize and credit valid vulnerability discoveries through:
  • Public acknowledgment (if desired).
  • Opportunities to collaborate on future security initiatives.
  • Strengthening your reputation as a trusted security professional.

Legal Safe Harbor

We believe in responsible security research and will not take legal action against researchers who follow our Vulnerability Disclosure guidelines. Acting in good faith and adhering to ethical practices is critical to ensuring a positive collaboration.

Report a Vulnerability

If you've discovered a security vulnerability, let's work together to fix it. Submit your report securely via our Vulnerability Submission Form or contact our security team at security@gbcyber.net.