Policy

Vulnerability Disclosure & Authorization

How to report a vulnerability in TX Pentest-owned systems without assuming authorization.

Effective: July 12, 2026

This is not a blanket safe harbor or authorization to test. Contact us before any active testing beyond ordinary use.

Report a suspected issue

Email security@txpentest.com with a high-level description and your preferred contact method. Do not send exploit code, credentials, personal data, or sensitive evidence until we provide a protected channel.

Allowed without prior written permission

You may observe and report issues encountered through ordinary, good-faith use of public pages. You may not use automated scanning, access non-public data, bypass controls, create persistence, degrade service, pivot to other systems, or test third-party services.

If authorization is granted

Any authorization will be explicit, written, time-bounded, asset-specific, and technique-specific. Follow the stated limits and stop immediately if you encounter sensitive data, service instability, or an unexpected system.

Coordinated handling

We will acknowledge valid reports when practical, investigate, and communicate remediation status at our discretion. Please allow reasonable time to address an issue before public disclosure. We do not promise payment or a bug bounty unless separately stated in writing.

Client systems

Do not report suspected issues in client systems through this policy. Contact the system owner using its published disclosure channel.