ForscieForscie logo

Security Disclosure Policy

Effective Date: September 18, 2025

Applies to: forscie.com and knowledge.forscie.com

Owned and operated by: Forscie Limited

Registered Address: 101 King's Cross Road, London, England, WC1X 9LP

Jurisdiction: United Kingdom

1. Introduction

At Forscie, we take the security of our systems and the trust of our users seriously. We recognize the important role that security researchers and members of the community play in helping us maintain a secure environment.

If you believe you have discovered a security vulnerability in any of Forscie's websites, platforms, or products, we encourage you to report it to us responsibly.

Scope

This policy applies to:

  • forscie.com – our public-facing company website
  • knowledge.forscie.com – our structured Knowledge Center for operational guidance and insights for insider threat professionals

This policy does not cover third-party platforms we use (e.g., social media accounts, partner-operated systems), or private beta services unless explicitly stated.

2. Reporting a Vulnerability

If you identify a potential security issue, please report it to us by email:

security@forscie.com

Please include the following information where possible:

  • A detailed description of the issue
  • Steps to reproduce the vulnerability
  • Any relevant screenshots, logs, or payloads
  • Your contact information (or anonymous alias if preferred)

We encourage encrypted communication. A PGP public key is available on request.

3. What You Can Expect

We take all reports seriously and appreciate the effort that goes into responsible disclosure. When you report a vulnerability:

  • We will acknowledge your report within 5 working days
  • We will investigate and aim to provide a status update within 10 working days
  • We may contact you for additional information or clarification
  • We will notify you once the issue is remediated (where applicable)
  • Where appropriate, and with your consent, we may credit you publicly for the discovery.

4. Responsible Disclosure Guidelines

We ask that you:

  • Do not access, modify, or delete any data that does not belong to you
  • Do not perform denial-of-service attacks, social engineering, or physical intrusion
  • Do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them
  • Act in good faith and in compliance with applicable laws

Forscie will not take legal action against researchers who act in accordance with this policy and in good faith.

5. Safe Harbor

We consider activities conducted under this policy to be authorized, provided they are carried out responsibly and in good faith. If legal uncertainty arises, we will do our best to support and protect researchers acting within the scope of this policy.

If you have any questions about this policy, please contact us at security@forscie.com .

Forscie®. Inside Matters.