Skip to content

Vulnerability disclosure policy

This policy gives security researchers a point of contact to directly submit their findings if they believe they have found any potential security vulnerability with any applications, systems, services, or web endpoints that Brighte Capital owns.

There will be no financial compensation for finding and reporting any potential or confirmed vulnerabilities.

How to report a vulnerability

  • To report a vulnerability, email
  • Include enough detailed steps to reproduce and validate your findings.
  • Once we have received the detailed steps and validated the findings, we credit you by displaying your name as the person who discovered the vulnerability unless you prefer us not to mention it.


  • Notify us as soon as possible after discovering an actual or potential security issue.
  • All reported vulnerabilities under this policy must be kept confidential unless authorised to make it public.
  • You must not intentionally compromise the intellectual property or other commercial or financial interests of Brighte Capital.
  • Make a good faith effort to comply with this policy during your security research. We will consider your research authorised, and Brighte Capital will not recommend or pursue legal action related to your research.
  • Although this policy gives researchers a way to report securities vulnerabilities, it does not authorise or invites anyone to perform the below activities.
    • DoS/DDoS attacks
    • Brute force attacks
    • Any reconnaissance or scanning
    • Gaining or maintaining access
    • Phishing
    • Delete, alter, share, retain, or destroy any data.