Product Security
We take security seriously and welcome reports of potential vulnerabilities across all products, platforms, services, and infrastructure operated or provided by Stirling Logic LTD.
Responsible Disclosure Policy
How to report a vulnerability
If you believe you have discovered a security vulnerability, please email: security@stirlinglogic.co.uk
If you would like a secure transfer link for files or sensitive details, email the address above and request one.
To help us triage and reproduce the issue, include:
- The affected product, service, or URL/endpoint
- A clear description of the vulnerability and its potential impact
- Steps to reproduce (proof-of-concept where appropriate)
- Any relevant screenshots, logs, timestamps, request IDs, or headers
- Your preferred contact details for follow-up
Our commitment
- We will acknowledge receipt of your report within a reasonable timeframe.
- We will investigate and validate the issue.
- We will work to remediate confirmed vulnerabilities in a timely manner.
- Where appropriate, we will provide updates on progress.
Researcher expectations
We ask that you act in good faith and avoid actions that could harm users, data, or service availability. In particular:
- Do not access, modify, or exfiltrate data that does not belong to you.
- Do not disrupt services (for example, using denial-of-service techniques).
- Do not use social engineering, phishing, or physical security testing.
- Limit testing to what is necessary to demonstrate the issue.
- Do not publicly disclose the vulnerability until it has been resolved or disclosure has been agreed in writing.
Out of scope
Unless explicitly authorised in writing, the following are out of scope:
- Denial-of-service attacks (or other availability-impacting testing)
- Social engineering or phishing attempts
- Physical security testing of offices, staff, or equipment
- Testing against third-party services or providers
Bug bounty and rewards
Stirling Logic LTD does not operate a guaranteed bug bounty programme. However, discretionary awards or recognition may be granted for eligible reports at our sole discretion.
Safe harbour
If you conduct security research in line with this policy and in good faith, we consider this research authorised. We will not pursue legal action for such activity. This does not apply to malicious activity, privacy violations, data misuse, or actions that cause disruption.
Questions
If you are unsure whether your research is in scope, contact us at security@stirlinglogic.co.uk before proceeding.