Skip to content
Thav Global Solutions
Responsible disclosure

Reporting a security issue

If you believe you have found a vulnerability in a system we run, we want to hear from you, and we will treat your report with respect.

How to report

Email security@thavglobal.com with enough detail to reproduce the issue: the affected system, the steps, and the impact you observed. If you need to share sensitive material, say so and we will provide an encrypted channel before you send anything.

What we ask

  • Give us a reasonable chance to investigate and fix the issue before any public disclosure.
  • Do not access, modify, or delete data that is not yours, and stop at the point of proof.
  • Do not run denial-of-service tests, spam, or social-engineering attacks against people.
  • Stay within the system in scope, and do not pivot into networks or data beyond it.

What you can expect

  • An acknowledgement that we received your report, and a human who owns it.
  • An honest assessment of severity and a timeline for the fix.
  • Confirmation once the issue is resolved, with credit if you would like it.
  • Good-faith research conducted under this policy will not lead to legal action from us.

Scope

This policy covers systems operated by Thav Global Solutions. For a system we built but a client operates, please report to that client; we will help coordinate where we can. When in doubt, write to us and we will route it correctly.