Security

Responsible Disclosure Policy

Effective: 27 May 2026 · Owner: BitScore Cybertech LLP, Ahmedabad, India

BitScore Cybertech LLP welcomes security research conducted in good faith. This page sets out how to report a vulnerability to us, what we promise in return, and what is and is not in scope.

How to report

Email security@bitscore.in with:

• A clear description of the issue and where you found it.
• Steps to reproduce, ideally with a proof-of-concept.
• The impact you believe it has, and whether you have shared the finding elsewhere.
• How you would like to be credited (name, handle, or anonymous).

What we promise

• Acknowledgement within 2 business days (IST).
• Substantive triage within 10 business days.
• Resolution updates at meaningful milestones.
• Public credit in our advisory if you wish.
• No legal action against researchers who comply with this policy in good faith.

In scope

• The website bitscore.in and its subdomains.
• Public-facing services that BitScore Cybertech LLP operates directly.

Out of scope

• Customer environments, Bitsight infrastructure, or third-party services.
• Social engineering, physical attacks, or denial-of-service testing.
• Automated scanner output without manual validation.

Coordinated disclosure

Please keep findings confidential until we have had a reasonable opportunity to remediate. Our default disclosure window is 90 days from acknowledgement.

← Back to BitScore · security.txt