Status
Strikore Defense Systems is currently in a pre-launch stage. We welcome good-faith reports of security issues affecting our public web presence and any public tools that may be published on this domain. This page describes how to report issues responsibly.
Security Contact
If you believe you have found a security vulnerability, please report it using the contacts below.
If the primary security address is not yet active, please use contact@strikoresystems.com in the meantime. Please mark your subject line with [SECURITY] to help ensure timely review.
Current Scope
The current scope of this disclosure policy is limited to:
- strikoresystems.com — the primary website domain
- Publicly accessible pages and content hosted directly under this domain
- Any future public tools, demos, or experiments explicitly published on this domain
Out of Scope
The following activities are explicitly out of scope and must not be performed:
- Denial of service (DoS/DDoS), load testing, or stress testing
- Brute force attacks against any endpoint, login, or service
- Phishing, social engineering, impersonation, or physical attacks
- Spam or unsolicited bulk messaging
- Deployment of malware, ransomware, or any malicious payload
- Extortion, threats, or conditional disclosure
- Privacy-invasive testing or harvesting of personal data
- Attempts to access, modify, exfiltrate, or destroy data beyond what is necessary to demonstrate a vulnerability
- Persistence, privilege escalation, or lateral movement
- Attacks against third-party services, platforms, or infrastructure not owned or controlled by Strikore Defense Systems
- Automated scanning at a rate or volume that degrades service quality or disrupts availability
How to Report
When submitting a security report, please include as much of the following information as possible:
- A short summary of the issue
- The affected URL, page, or tool
- Clear reproduction steps
- A description of the potential security impact
- Screenshots or proof of concept, if safe and necessary to demonstrate the issue
- Any suggested remediation, if available
Clear, detailed reports help us understand and address issues more effectively. Please avoid including sensitive data or credentials in your report beyond what is strictly necessary.
Good-Faith Expectations
We value the contributions of responsible security researchers. If you report a vulnerability in good faith, we ask that you observe the following principles:
- Conduct all testing in a responsible and non-destructive manner
- Stop testing immediately if you encounter personal data, secrets, credentials, or anything that appears sensitive or confidential
- Do not retain, share, publish, or misuse any data discovered incidentally during testing
- Report the issue promptly and allow reasonable time for review and remediation before any public disclosure
- Do not exploit a vulnerability beyond the minimum necessary to demonstrate its existence
We appreciate responsible, good-faith security research. While we cannot offer broad legal protections or guarantees at this stage, we will consider the conduct and intent of researchers in the spirit in which they are disclosed.
Rewards & Response Times
- No bug bounty or financial reward is offered at this time.
- No guaranteed response time is promised at this stage.
- Reports will be reviewed on a best-effort basis and prioritized according to severity and impact.
Additional Information
Additional formal security processes, documentation, and response procedures may be published as the company matures and operational capabilities are established.