Responsible Vulnerability Disclosure Policy

GIANT Solutions LLC
37 Prospect Street, Amsterdam, NY 12010

Purpose

GIANT Solutions LLC is committed to maintaining the security and integrity of its systems, services, and customer information. We value the efforts of security researchers and members of the public who help us identify potential security vulnerabilities in a responsible manner.

This Responsible Vulnerability Disclosure Policy describes how third parties can report suspected security vulnerabilities and how GIANT Solutions will respond.

Scope

This policy applies to:

  • Publicly accessible systems, applications, and services owned or operated by GIANT Solutions LLC
  • Security vulnerabilities discovered by independent researchers acting in good faith

This policy does not authorize testing of systems owned by third parties, customers, or partners of GIANT Solutions.

Good-Faith Security Research

GIANT Solutions encourages responsible security research conducted in good faith. We ask that researchers:

  • Avoid privacy violations, data destruction, or service disruption
  • Do not access, modify, or delete data beyond what is necessary to demonstrate the vulnerability
  • Do not use social engineering, phishing, or physical security testing
  • Do not exploit vulnerabilities for purposes other than reporting
  • Provide us reasonable time to investigate and remediate before public disclosure

Activities conducted in accordance with this policy are considered authorized.

How to Report a Vulnerability

If you believe you have discovered a security vulnerability involving GIANT Solutions, please report it as soon as possible using one of the following methods:

Email: [email protected]
Subject Line: Responsible Disclosure Report

Please include, where possible:

  • A description of the vulnerability
  • The affected system or URL
  • Steps to reproduce the issue
  • Any relevant screenshots or logs
  • Your contact information (optional)

Anonymous reports are accepted.

Our Commitment

Upon receiving a vulnerability report, GIANT Solutions will:

  • Acknowledge receipt of the report in a timely manner
  • Review and assess the reported issue
  • Take appropriate steps to remediate confirmed vulnerabilities
  • Coordinate disclosure timing when appropriate

Response times may vary based on severity and complexity.

Disclosure and Confidentiality

We request that vulnerability details not be publicly disclosed until GIANT Solutions has had a reasonable opportunity to investigate and address the issue.

GIANT Solutions will not intentionally pursue legal action against individuals who:

  • Act in good faith
  • Follow this policy
  • Avoid privacy violations, data destruction, and service disruption

Out of Scope

The following are considered out of scope:

  • Denial-of-service (DoS/DDoS) testing
  • Social engineering or phishing
  • Physical security testing
  • Vulnerabilities in third-party platforms not controlled by GIANT Solutions

No Bounty Program

GIANT Solutions does not currently operate a paid bug bounty program. However, we appreciate responsible disclosures that help improve our security posture.

Policy Updates

This policy may be updated periodically. The most current version will be published on our website.

Last Updated: 12/15/26