
Shademont Responsible Disclosure Program

Our Security Commitment

At Shademont, safeguarding the confidentiality and integrity of our clients’ information is at the heart of everything we do. Cybersecurity is a shared responsibility, and we welcome the efforts of researchers and the broader security community who help us strengthen our systems. By responsibly reporting potential weaknesses, you contribute directly to making our platforms more secure for everyone.

If you discover a possible vulnerability in our environment, we ask that you share it responsibly by following the guidelines below. Submissions should include:

  • A clear explanation of the issue and its location.
  • The steps required to replicate the vulnerability.

Principles for Responsible Reporting

To ensure that collaboration with researchers is safe, constructive, and compliant, we expect the following principles to be observed:

  • Do not engage in actions that could harm Shademont, our clients, or employees.
  • Avoid disrupting, slowing, or disabling any of Shademont’s services or infrastructure.
  • Never attempt or simulate fraudulent financial activity.
  • Do not conduct research that violates federal, state, or international laws or regulations.
  • Do not copy, retain, or share Shademont or client data. If you encounter Personally Identifiable Information (PII), stop immediately, delete any related data from your system, and notify Shademont right away.
  • Refrain from using automated vulnerability scans or mass testing tools.
  • Give Shademont sufficient time to verify and resolve the issue before sharing it publicly or with any third party.

Reports submitted in accordance with these principles will not result in legal action by Shademont. We do, however, reserve the right to take action where the guidelines are not followed.

Our Promise to Security Researchers

When you share a vulnerability with us responsibly, you can expect the following from Shademont:

  • Prompt acknowledgement of your report.
  • Ongoing communication regarding the status of your submission.
  • Notification once the vulnerability has been validated and addressed.

Issues Outside the Program’s Scope

Certain findings are not covered under Shademont’s Responsible Disclosure Program. Examples of out-of-scope vulnerabilities include:

  • Physical security testing or attempts to gain physical access.
  • Social engineering or phishing tactics.
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) testing.
  • Resource exhaustion exploits.
  • Vulnerabilities that rely on man-in-the-middle (MITM) activity or physical access to user devices.

How to Document Your Report

To help us assess your findings quickly and effectively, please provide:

  • A detailed description of the vulnerability.
  • The specific application, system, or service where the issue was found.
  • Steps and tools used in discovery.
  • Supporting evidence, such as logs, artifacts, or screenshots where possible.

Submitting Your Report

Shademont partners with HackerOne to triage and validate responsibly disclosed vulnerabilities. Please submit your report here:

Submit via HackerOne

If HackerOne is not available to you, reports may alternatively be sent to: nasser@shademont.com

We encourage the use of HackerOne whenever possible to ensure timely handling and validation of your submission.