.png?width=126&height=101&name=logo%20(2).png)
.png?width=63&height=51&name=logo%20(6).png)
RULES OF ENGAGEMENT To qualify for safe harbor, we ask that you:
Avoid Privacy Violations
If you accidentally encounter Personally Identifiable Information (PII), stop immediately and report the finding without further access.
No Disruptions
Do not perform Denial of Service (DoS) attacks or disrupt our services.
No Social Engineering
Do not target PXL Vision employees or customers.
Confidentiality
Do not disclose findings to third parties or the public until we have had a reasonable opportunity to remediate
(we ask for 120 days from the initial report).
(we ask for 120 days from the initial report).
Non-Qualifying Issues
To keep our security efforts focused on high-impact vulnerabilities, the following are considered out-of-scope and will typically not be acknowledged unless they lead to a direct exploit:
- Best Practice/Configuration: Missing security headers (e.g., CSP, HSTS, X-Frame-Options) or "best practice" DNS records (e.g., missing or "softfail" SPF/DMARC/DKIM).
- Informational Disclosure: Server version strings, descriptive error messages, or publicly accessible files that do not contain sensitive data (e.g., robots.txt).
- Low-Impact Web Vulnerabilities: Logout CSRF, clickjacking on pages without sensitive actions, or lack of secure/HTTP-only flags on non-sensitive cookies.
- Automated Scans: Reports generated solely by automated tools or scanners without a manual Proof-of-Concept (POC).