Patrocinium | ArcAngel
Security.txt

Responsible Disclosure

At Patrocinium Systems Inc., we consider the security of our systems a top priority. But no matter how much effort we put into security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

What we promise:

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

Scope

While we do strive to secure all our operations, some systems are more critical than others. The best place to start testing and reporting vulnerabilities are the following endpoints:

Our main Wordpress sites are not critical to our business operations and contain no private data or escalated rights. While we still want to hear about major problems on the Wordpress sites, keep in mind that Wordpress vulnerability reports will always be considered 'low priority' bounties.

Out of Scope

To help keep our attention focused on the important issues, and so you don't waste your time in your research, we'll list of few things that are specifically 'out of scope':

Unfortunately, we do not have a formal bug bounty or swag program right now. We do have a "Hall of Fame" page where we would like to thank and acknowledge the efforts of security researchers that have reached out to us:

Hall of Fame