A ARKSOFT software development agency

Policy

Security Disclosure Policy

Effective May 26, 2026

ARKSOFT welcomes good-faith reports of potential security vulnerabilities affecting ARKSOFT-managed public websites and services.

How to Report

Please report vulnerabilities by email to info@arksoft.dev with the subject line: Security Disclosure Report.

  • Include affected URL, endpoint, service, or component.
  • Provide clear reproduction steps and observed impact.
  • Include proof-of-concept details that are safe and non-destructive.
  • Share your preferred contact method for follow-up.

Safe Harbor

When conducted in good faith and in accordance with this policy, ARKSOFT does not intend to pursue legal action for legitimate security research activities limited to vulnerability identification and responsible reporting.

Testing Boundaries

  • Do not access, alter, exfiltrate, or destroy data that does not belong to you.
  • Do not perform denial-of-service, spam, ransomware, social engineering, or extortion activity.
  • Do not use physical attacks, credential stuffing, or brute-force attacks against user accounts.
  • Do not publicly disclose unresolved issues before coordinated remediation.

Response Process

  • ARKSOFT will acknowledge receipt of valid reports as soon as reasonably practical.
  • Reports are triaged for severity, exploitability, and affected scope.
  • Remediation steps are prioritized based on risk and operational impact.
  • Where appropriate, ARKSOFT coordinates disclosure timing with the reporter.

Helpful Report Details

  • Technical summary and impact assessment.
  • Exact request and response examples with sensitive values redacted.
  • Environment details, timestamps, and prerequisites.
  • Whether exploit requires authentication and the privilege level required.

Out of Scope

General best-practice suggestions without an exploitable condition, issues in third-party platforms not controlled by ARKSOFT, and low-risk informational findings may be treated as non-security defects.

Disclosure and Recognition

ARKSOFT may acknowledge valid, responsibly reported findings at its discretion and in alignment with confidentiality, client obligations, and legal constraints.

Contact

Security disclosures should be sent to info@arksoft.dev.