Vulnerability Disclosure
Responsible disclosure guidance.
We welcome good-faith reports of potential security issues affecting Vantage CISO web properties and workflows.
Last reviewed: March 26, 2026.
How to Report
Send reports to john@vantageciso.com with reproduction steps, impact, and supporting evidence.
Researcher Expectations
- Test only systems you are authorized to assess.
- Avoid privacy violations, service disruption, or data destruction.
- Do not publicly disclose details until we confirm remediation or provide status.
Program Scope
This policy supports coordinated disclosure. No bug bounty or compensation is promised.
If the report is tied to active buyer diligence, include context and optionally copy john@vantageciso.com.