Responsible Disclosure

We welcome responsible security research and encourage the ethical disclosure of vulnerabilities in our systems and services.

1. Scope

This policy covers all UMBRELLA-owned websites, applications, APIs, and infrastructure. If you are unsure whether a system is in scope, please contact us before testing.

2. Rules of Engagement

  • Only test systems you have explicit authorization to assess
  • Avoid actions that could degrade service availability or impact other users
  • Do not access, modify, or delete data belonging to others
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
  • Maintain confidentiality of any findings until we have resolved them

3. Safe Harbor

UMBRELLA commits not to pursue legal action against researchers who discover and report vulnerabilities in good faith in accordance with this policy. We ask that you provide reasonable time for us to address the issue before making any public disclosure.

4. How to Report

Please send vulnerability reports to us via our contact page. Include:

  • A clear description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any supporting evidence such as screenshots or proof-of-concept code
  • Your contact information for follow-up

5. Recognition

We appreciate the efforts of the security research community. With your permission, we may publicly acknowledge your contribution once the vulnerability has been remediated.