Reporting Security Vulnerabilities

At CERES TAG, security is our priority. We welcome reports from security researchers and the wider community to help keep our products and services secure.

If you believe you have found a security vulnerability in a CERES TAG product or service, please report it to us.

How to Report

You can report security vulnerabilities via email at security@cerestag.com.

When submitting a report, please include:

• A detailed description of the issue

• Steps to reproduce the vulnerability

• Any proof-of-concept code, if available

• Any known attack scenarios

• Your contact details (optional but helpful for follow-up)

What to Expect

After submitting your report, we will:

• Acknowledge receipt within 5 business days

• Conduct an initial assessment and respond within 10 business days

• Provide regular status updates every 30 days until resolution

• Aim to resolve critical vulnerabilities within 90 days of validation (timeframes may vary based on complexity)

Responsible Disclosure & Safe Harbor

We appreciate responsible disclosure and operate under a good-faith approach:

• No legal action will be taken against researchers who comply with this policy

• Avoid activities that disrupt our services, compromise user data, or violate laws

• Allow us reasonable time to address the issue before public disclosure

Recognition

With your consent, we may publicly acknowledge your contributions on our security page or other relevant channels.

Contact Us

For any questions about this policy, please contact our security team at security@cerestag.com.

Thank you for helping keep CERES TAG secure.