Vulnerability Disclosure Policy (VDP)

Scope

This policy applies to vulnerabilities identified in public-facing websites and production services owned by PMWEB. It does not apply to third-party systems, social engineering, DoS testing, or disruptive scanning.

How to Report a Vulnerability

Please report vulnerabilities to security@PMWEB.com including description, steps to reproduce, affected systems, and proof of concept if available.

Our Commitment

PMWEB will acknowledge receipt, investigate findings, remediate confirmed issues, and communicate status where appropriate.

Guidelines for Responsible Disclosure

Act in good faith. Do not exploit beyond necessary validation. Do not access or modify data. Do not disrupt services. Maintain confidentiality until resolved.

No Compensation

PMWEB does not operate a bug bounty or reward program and does not provide compensation for unsolicited reports.

Legal Safe Harbor

PMWEB will not pursue legal action against individuals who comply with this policy and act in good faith without causing harm.

Policy Updates

PMWEB reserves the right to update this policy at any time.