Responsible Disclosure
Parthenius Air welcomes responsible, good-faith reports of security vulnerabilities affecting our public-facing systems and services. Security is strengthened through responsible collaboration. We appreciate researchers who help improve the resilience of our systems through ethical and responsible disclosure.
What this policy covers
This policy applies only to publicly accessible Parthenius Air digital assets.
This policy does not authorise testing against client systems, operational deployments, drone infrastructure, communications infrastructure, physical facilities, or any environment where testing could affect safety or operations.
How to report a vulnerability
Please include the following in your report:
- A description of the issue
- The affected system or URL
- Reproduction steps
- Potential impact
- Supporting evidence
What researchers can expect
On receipt of a responsible disclosure report, Parthenius Air will:
- Acknowledge receipt of the report
- Investigate legitimate reports in good faith
- Remediate confirmed vulnerabilities where appropriate
- Communicate with the reporter when practical
Responsible research
Researchers conducting security research under this policy should:
- Act lawfully and in good faith
- Avoid service disruption
- Avoid accessing data unnecessarily
- Avoid social engineering, physical intrusion, and denial-of-service testing
- Allow reasonable remediation time before public disclosure
Legal protection
Where research is conducted responsibly, lawfully, and in accordance with this policy, Parthenius Air will not pursue legal action solely for the responsible reporting of a genuine security vulnerability.
This safe harbour does not apply to activities that disrupt services, compromise client systems, exceed authorised access, involve extortion, or violate applicable law.
Acknowledgement
With the researcher's consent, Parthenius Air may acknowledge meaningful responsible disclosures.