FELCO Solutions Software Vulnerability Disclosure Policy

1. OUR COMMITMENT TO SECURITY

At FELCO Solutions, we take the security of our software and users seriously. We are committed to protecting the confidentiality, integrity, and availability of our systems and data. We recognize the important role that independent security researchers and our user community play in helping us maintain a secure environment.

If you discover a potential security vulnerability in any of our software products or services, we encourage you to report it responsibly. 

2. SCOPE

This policy applies to all FELCO Solutions software products, web applications, APIs, and supporting services that are:

  • Developed or maintained by FELCO Solutions, and

  • Publicly accessible or deployed to customers under our brand.

Reports related to third-party software, services, or integrations not controlled by FELCO Solutions are out of scope.

3. REPORTING A VULNERABILITY

If you believe you’ve discovered a vulnerability, please send us a report at: support@felcosolutions.com

Your report should include:

  • A clear description of the vulnerability and where it was found.

  • Steps to reproduce the issue (including URLs, input data, or sample code, if applicable).

  • The potential impact of the issue.

  • Your contact information for follow-up.

We recommend encrypting sensitive details using PGP if possible.

4. WHAT TO EXPECT

When you report a valid security issue in good faith, FELCO Solutions will:

  1. Acknowledge receipt of your report within 5 business days.

  2. Review and verify the issue promptly.

  3. Work to remediate the vulnerability in a timely manner.

  4. Keep you informed of progress and resolution.

  5. Offer public acknowledgment (if desired) once the issue is confirmed and resolved.

5. RESPONSIBLE RESEARCH GUIDELINES

To protect our users and systems, we ask that you:

  • Avoid accessing, modifying, or deleting data that does not belong to you.

  • Do not disrupt or degrade our services (e.g., through denial-of-service attacks).

  • Refrain from publicly disclosing the issue until we have confirmed and resolved it.

  • Test only within the boundaries of our products and systems covered by this policy.

  • Comply with all applicable laws during your testing.

6. OUT OF SCOPE EXAMPLES

The following types of findings are generally not in scope for this policy:

  • Denial-of-Service or brute-force attacks.

  • Reports of outdated libraries without evidence of exploitability.

  • Vulnerabilities in third-party systems or software not managed by FELCO Solutions.

  • Social engineering, phishing, or spam.

  • Physical or local device vulnerabilities.

7. SAFE HARBOR

If you make a good-faith effort to comply with this policy and report vulnerabilities responsibly:

  • FELCO Solutions will not initiate or support legal action against you for your research.

  • We will treat your findings with respect and confidentiality.

  • We may, at our discretion, recognize your contribution publicly once the issue is resolved.

8. POLICY UPDATES 

FELCO Solutions may update this Vulnerability Disclosure Policy as our software and security practices evolve. The latest version will always be available on our official website.

EFFECTIVE DATE: OCTOBER 1, 2025
