1. Introduction
At Aka Aoi Security, we believe that cybersecurity is a collaborative effort. We deeply value the work of external security researchers and the global hacker community in identifying vulnerabilities and helping us preserve a secure digital space.
If you have discovered a vulnerability or potential exploit in any of our public assets or services, we encourage you to report it immediately. We commit to working with you to validate and remediate the issue promptly and safely.
2. Safe Harbor
Aka Aoi Security will not initiate legal action or file a complaint with law enforcement regarding testing activities that are conducted in accordance with this policy. We support security research that:
- Avoids physical security violations, social engineering, spam, or denial-of-service (DoS/DDoS) attacks.
- Does not access, modify, delete, or corrupt user data or client information that does not belong to you.
- Adheres to standard responsible disclosure timelines, keeping vulnerability details confidential until a fix has been successfully deployed.
3. Reporting Guidelines
When submitting a vulnerability report, please send it to security@akaaoisecurity.com. To assist us in reviewing the issue, please include:
- A detailed description of the vulnerability, including its location (URL, parameter, IP address).
- Steps to reproduce the vulnerability, including proof-of-concept (PoC) code or screenshots.
- Any specific tools, payloads, or libraries required to execute the exploit.
4. Response and SLA Commitments
We take every report seriously and will handle submissions with priority:
- Initial Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Triage and Verification: We aim to complete triage and confirm the vulnerability within 5 business days.
- Remediation Timeline: We will keep you updated as we work to resolve the issue, aiming to address critical vulnerabilities within 30 days of validation.
5. Out of Scope Vulnerabilities
The following categories of vulnerabilities are strictly out of scope and do not qualify for safe harbor status:
- Spam, phishing, or social engineering targeting Aka Aoi Security staff or clients.
- Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) testing against our network nodes or infrastructure.
- Issues related to third-party integrations or hosting services not directly managed or owned by Aka Aoi Security.
- Missing security headers or best-practice configurations (e.g., SPF/DKIM records, HTTP headers) unless they lead to a direct exploit chain.