Send the report
Email security@pentstark.com. A PGP key is available on request.
Scope, response windows, and safe harbor should be readable before a test begins. This policy is the operating path for reporting vulnerabilities in PentStark properties.
The clocks below are the response windows researchers can expect from the security contact.
Email security@pentstark.com. A PGP key is available on request.
Expect an acknowledgement within 48 hours.
Expect a triage update within 5 business days.
Give us reasonable remediation time before publication — typically 90 days, coordinated.
We will not pursue legal action or contact law enforcement over good-faith research that complies with this policy.
If ownership is unclear, email the security contact before taking action. Authorization for a PentStark property does not extend to a vendor's service.
Authorized properties
Excluded testing
Keep evidence to the minimum needed to demonstrate impact and avoid including data that is not your own.