Vulnerability Disclosure Policy
Vulnerability Disclosure
CraftedTrust welcomes good-faith security reports.
How to Report
Preferred channel
Email the report
Send details to cyber.craft@craftedcybersolutions.com. Include the affected service, clear reproduction steps, and observed impact.
What helps most
- Affected service, route, or domain
- Clear reproduction steps or proof-of-concept
- Observed impact and any likely preconditions
- Whether you believe customer data or platform credentials are at risk
Acknowledgment SLA
1 business day
Valid submissions receive an immediate tracking ID and acknowledgment within one business day.
Triage SLA
2 business days
Touchstone triage classifies reports as accepted, duplicate, out of scope, or needs more info within two business days.
Coordination model
90-day default
Accepted disclosures follow a coordinated 90-day model unless severity or active exploitation justifies a different timeline.