Vulnerability Disclosure & Authorization
How to report a vulnerability in TX Pentest-owned systems without assuming authorization.
Report a suspected issue
Email security@txpentest.com with a high-level description and your preferred contact method. Do not send exploit code, credentials, personal data, or sensitive evidence until we provide a protected channel.
Allowed without prior written permission
You may observe and report issues encountered through ordinary, good-faith use of public pages. You may not use automated scanning, access non-public data, bypass controls, create persistence, degrade service, pivot to other systems, or test third-party services.
If authorization is granted
Any authorization will be explicit, written, time-bounded, asset-specific, and technique-specific. Follow the stated limits and stop immediately if you encounter sensitive data, service instability, or an unexpected system.
Coordinated handling
We will acknowledge valid reports when practical, investigate, and communicate remediation status at our discretion. Please allow reasonable time to address an issue before public disclosure. We do not promise payment or a bug bounty unless separately stated in writing.
Client systems
Do not report suspected issues in client systems through this policy. Contact the system owner using its published disclosure channel.