Vulnerability Disclosure Policy

We welcome responsible security research. If you have discovered a potential vulnerability in our products or services, please report it through the secure form below.

Scope

This policy applies to all products, services, and infrastructure operated by Gexiro Global Enterprises Ltd under the ChimeraScope brand, including but not limited to:

  • chimerascope.com — primary website and landing page
  • Associated subdomains and services — any internet-facing asset operated under the chimerascope.com domain

How to Report

To report a security vulnerability, use the secure submission form at the bottom of this page. Select "Vulnerability Report" as the submission type and include as much detail as possible.

For encrypted communications, our PGP public key is available at:

PGP Public Key: chimerascope.com/.well-known/pgp-key.txt
Fingerprint: EED5 18E3 A297 106F 2CBA 1DA4 5DF7 605B F6D9 B6EA
Algorithm: RSA-4096
Expires: 2028-04-24

What to Include

Vulnerability Details

A clear description of the vulnerability, including the affected product, component, or URL. Specify the type of vulnerability (e.g., injection, authentication bypass, information disclosure).

Reproduction Steps

Step-by-step instructions to reproduce the issue. Include any tools, scripts, or payloads used. Screenshots or screen recordings are welcome.

Impact Assessment

Your assessment of the potential impact, including affected data, users, or systems. If possible, include a CVSS score or severity estimate.

Your Contact Information

A way to reach you for follow-up questions. We respect your privacy and will not share your contact information without consent. Anonymous reports are accepted.

Our Commitments

Acknowledgment — 72 Hours

We will acknowledge receipt of your report within 72 hours and provide a tracking reference for your submission.

Assessment — 14 Days

Our security team will assess the report, confirm the vulnerability, and determine its severity. We will keep you informed of our progress.

Remediation — 90 Days

We aim to remediate confirmed vulnerabilities within 90 days of confirmation. Critical vulnerabilities will be prioritized for faster resolution.

Disclosure — Coordinated

We practice coordinated disclosure. We will work with you to agree on a disclosure timeline. Public disclosure will not occur before a fix is available, unless the vulnerability is already being actively exploited.

Safe Harbor

Protected Activities

We will not pursue legal action against security researchers who discover and report vulnerabilities in good faith, provided they:

  • Act in good faith to avoid harm to our users and systems
  • Avoid accessing, modifying, or deleting data belonging to other users
  • Report findings promptly through this disclosure process
  • Allow reasonable time for remediation before public disclosure
  • Do not use findings for personal gain beyond recognition

Out of Scope

  • Social engineering or phishing attacks against employees or users
  • Denial of service attacks or resource exhaustion
  • Physical security testing
  • Automated scanning generating excessive traffic
  • Accessing or exfiltrating user data
  • Testing on systems not listed in the scope above

Recognition

We believe in recognizing the contributions of security researchers who help us improve our security posture. With your consent, we will acknowledge your contribution on our Security Advisories page. We do not currently operate a paid bug bounty program.

Policy Updates

This policy may be updated from time to time. The current version is always available at this URL. Last updated: April 2026.

Report a vulnerability

Use the secure form below to submit your findings. For encrypted communications, our PGP public key is available for download.

All submissions are treated as confidential. We will acknowledge receipt within 72 hours.