Responsible Vulnerability Disclosure






Responsible Vulnerability Disclosure — Embarc Solutions


Secure operations — protecting customer and company data


Embarc Solutions logo

Responsible Vulnerability Disclosure

We appreciate the work of researchers who help keep our systems safe. If you find a potential security vulnerability affecting www.embarcsolutions.com, please report it responsibly using the process below.

Effective Date: October 29, 2025   |   Last Updated: October 29, 2025

On this page

1. Purpose

Embarc Solutions is committed to protecting our customers, partners, and systems. This policy gives security researchers and the public a clear and safe process to report potential vulnerabilities affecting our website and services.

2. Scope

This policy covers:

  • The Embarc Solutions public website: www.embarcsolutions.com
  • Web applications and public APIs owned and operated by Embarc Solutions
  • Services and endpoints explicitly included in this policy

Out of scope: physical security, social engineering targeting staff or customers, attacks on third-party services that we do not own, and denial-of-service tests.

3. Reporting a Vulnerability

If you discover a potential vulnerability, please report it promptly using the information below. Provide as much detail as possible to help us reproduce and remediate the issue.

Required report details:

  • Clear description of the issue and affected URL(s)
  • Steps to reproduce (proof-of-concept), including request/response samples if applicable
  • Any screenshots, logs, or error messages that help illustrate the problem
  • Your preferred contact information (email is fine; you may remain anonymous)

4. Our Commitment

When you report responsibly, Embarc Solutions will:

  • Acknowledge receipt of your report within 5 business days
  • Provide periodic updates and work to remediate the issue promptly
  • Notify you when the issue is resolved
  • With your permission, give public credit on our Security Acknowledgments page

5. Safe Harbor

We support good-faith security research. If you act within the scope of this policy and in good faith, Embarc Solutions will not pursue legal action against you for your research activities. Please:

  • Avoid privacy violations, data theft, or service disruption
  • Limit testing to the minimum required to demonstrate the issue
  • Do not exploit the vulnerability for personal gain

6. Prohibited Activities

Do not undertake the following when researching Embarc Solutions systems:

  • Access, modify, or delete data that you are not authorized to access
  • Perform denial-of-service (DoS) attacks or actions that impact availability
  • Use social engineering techniques against personnel or customers
  • Publicly disclose a vulnerability before it is remediated

7. Recognition

We appreciate researchers who responsibly disclose issues. With your consent, we may list your name or alias on our Security Acknowledgments page.

8. Contact

Please submit vulnerability reports by email to: contact@embarcsolutions.com

For urgent matters, include "URGENT: Vulnerability Report" in the email subject line.

9. Policy Version

Version 1.0 — Effective Date: October 29, 2025


Responsible Vulnerability Disclosure - Privacy Policy