フロスト&サリバン、TeamT5を再び台湾における最優秀脅威インテリジェンス企業に選出

Vulnerability Disclosure Policy

1. Purpose

At TeamT5, we are dedicated to protecting the security of our customers, partners, and the community. We warmly Sincerely welcome security researchers, experts, or any good-faith third parties to responsibly report potential vulnerabilities or security incidents in our websites, products, or infrastructure. This policy aims to:
  • Provide a clear and transparent reporting channel
  • Protect good-faith researchers from legal liability
  • Improve the security of our products and services together

2. Scope

This policy applies to:
  • Our official websites, cloud services, and infrastructure
  • Our EDR and other cybersecurity products and solutions
  • Any assets related to the company’s information security

3. Out of Scope

We generally will not accept or respond to reports on:
  • SPF / DMARC / DKIM configuration issues
  • Open directory listings without sensitive data
  • HTTP error messages or banner disclosures
  • Client-side issues due to weak user passwords
  • Vulnerabilities requiring physical access
  • Third-party resources or services not managed by us

4. Reporting Process

(1) What to include
  • Name & version of the affected product/service
  • Description and potential impact
  • Steps to reproduce or Proof of Concept (PoC)
  • Your contact email
(2) How to submit
(3) Our process
  • Initial acknowledgment within 72 hours
  • Assessment and fix based on severity
  • After resolution and public advisory, we can credit you (with your consent).
  • 90-day policy: We request you wait 90 days before public disclosure (may adjust based on severity).
(4) CVE process
  • If it meets public criteria, we’ll help request a CVE ID from CNA.
  • We can include you as the discoverer if you agree.

5. Responsible Disclosure Principles

We ask that you:
  • Do not publicly share details before a fix or advisory.
  • Do not exploit the vulnerability to access, leak, or destroy data.
  • Only test to the extent needed to confirm the issue; no destructive testing or persistent backdoors
  • Allow us 90 days to fix the issue (subject to adjustment)
  • Provide clear and detailed reports

6. Legal Statement & Safe Harbor

  • We appreciate every good-faith reporter, and will not claim legal liability for actions of good-faith reporting in accordance with this policy.
  • If a reporter violates the law or intentionally and maliciously exploits a vulnerability, the company reserves the right to hold them legally accountable under applicable civil and criminal laws.
  • This policy does not create a contractual or cooperative relationship; we may revise it as necessary.

7. Contact

We use cookies to provide you with the best user experience. By continuing to use this website, you agree to ourPrivacy & Cookies Policy.