Responsible Disclosure

Report a Vulnerability

We take security seriously. If you've discovered a vulnerability in our systems, we want to hear from you.

Our Commitment to Security

At Redcliff Technologies, security is at the core of everything we do. We appreciate the security research community and encourage responsible disclosure of any vulnerabilities you may discover in our platform.

Scope

Our vulnerability disclosure program covers:

  • NegevSecure web application (*.negevsecure.com)
  • NegevSecure API endpoints
  • Mobile applications (if applicable)
  • Supporting infrastructure directly operated by Redcliff Technologies

Out of Scope

  • Third-party services and integrations
  • Social engineering attacks
  • Physical security attacks
  • Denial of service attacks
  • Spam or phishing attempts

Guidelines

When conducting security research, please:

  • Avoid accessing or modifying other users' data
  • Do not perform actions that could harm our users or services
  • Keep all vulnerability details confidential until we've had time to address them
  • Provide sufficient detail for us to reproduce and verify the issue
  • Allow reasonable time for us to respond and remediate

Submit a Report

Please provide as much detail as possible to help us understand and reproduce the vulnerability.

Encrypted Communication

For sensitive reports, you can encrypt your submission using our PGP key:

Download PGP Key

Our Response Process

What to expect after submitting a vulnerability report

Acknowledgment

Within 24 hours

We'll acknowledge receipt of your report and assign it to our security team.

Triage & Verification

1-3 business days

Our team will verify the vulnerability and assess its severity and impact.

Communication

Within 5 business days

We'll update you on our findings and discuss remediation timeline.

Remediation

Varies by severity

We'll develop and deploy a fix for the vulnerability.

Recognition

After fix is deployed

With your permission, we'll acknowledge your contribution to our security.

Prefer Email?

You can also report vulnerabilities directly to our security team:

[email protected]

Please include "Security Report" in the subject line.