Gambryce Responsible Disclosure Policy
Gambryce’s products and services very frequently find issues with an organisation’s cyber security (for example, an exposed database or misconfigured email).
We act responsibly when this occurs, and whenever it seems to us appropriate, and provided we can identify the relevant person within that organisation and their contact details, we may notify that contact of the vulnerability. Needless to say, as part of our responsible and ethical policy, we will not make publicly available, or disclose to others outside the organisation in question, the identity of the company or the vulnerabilities found, but we may use the information within the statistical and comparative analysis we publish or create within our own data. We invite our customers to support this policy by acting in similar fashion.