Responsible Disclosure

This policy covers systems owned and operated by Stealth Layer Security, including the stealthlayersecurity.com website. It does not authorize testing of client systems or any third-party service.

Email security@stealthlayersecurity.com with a clear description of the issue, the affected URL or component, steps to reproduce, and any supporting evidence. Please do not include sensitive data beyond what is needed to demonstrate the issue.

Please avoid actions that degrade service availability, access or modify data that does not belong to you, or affect users other than your own test accounts. Automated scanning must be rate-limited and clearly identifiable.

We will acknowledge valid reports, keep researchers informed about remediation progress, and credit reporters who wish to be credited when an issue is resolved.

Research conducted in good faith and in line with this policy will not be pursued or escalated by Stealth Layer Security. This safe harbor applies only to in-scope systems.