Responsible Disclosure Policy
Starlink Nexus LLC encourages collaboration with external security researchers to ensure the security and integrity of our systems. If you discover any vulnerabilities, please report them in accordance with this Responsible Disclosure Policy.
Rules
To maintain a constructive and secure process, all submissions must adhere to the following rules:
- Scope Compliance: Submissions must align with the scope defined in this policy.
- Confidentiality: Information about vulnerabilities must remain confidential between you and Starlink Nexus LLC indefinitely.
- No Disclosure: The vulnerability cannot be disclosed in any medium or form without explicit written consent from Starlink Nexus LLC.
- Integrity Preservation: Do not conduct attacks that compromise the integrity of our services. For example, DDoS attacks are strictly prohibited.
- No Compensation Claims: By participating, you waive any claims for compensation arising from disclosures accepted by Starlink Nexus LLC.
Requests for Compensation
We do not provide monetary compensation for reported vulnerabilities. Requesting compensation constitutes non-compliance with this policy. However, at our discretion, we may choose to provide non-monetary rewards such as company-branded swag.
Scope
In Scope:
The following targets are eligible for testing under this policy:
- Starlink Nexus LLC’s website at https://starlinknexus.com.
- Subdomains under https://{subdomain}.starlinknexus.com.
Out of Scope:
The following are considered out of scope:
- Social engineering attacks.
- Distributed Denial of Service (DDoS) attacks.
- Automated scripts, tools, or scanners.
- Spelling errors, UI/UX bugs, or minor cosmetic issues.
- Issues unrelated to the latest versions of modern browsers.
- General best practice concerns.
- Duplicate vulnerabilities across multiple subdomains.
- Self-XSS attacks.
- Non-impactful vulnerabilities, including but not limited to:
  - Open redirects without proven security implications.
  - Missing cookie flags or security headers.
  - Cross-domain referrer leakage.
  - Email spoofing (SPF, DMARC, or DKIM).
  - Weak SSL/TLS configuration reports.
- Known issues or vulnerabilities in third-party software without a proven exploit.
- Physical attacks requiring direct device access.
How to Report
Please report all vulnerabilities via email to [email protected] with the following details:
Details Required:
Full Name:
Mobile Number:
LinkedIn Profile:
Bug Details:
Name of the Vulnerability:
Description of the Vulnerability:
Proof of Concept (PoC):
Detailed Steps to Reproduce:
Complying with This Policy
If you adhere to the guidelines in this policy, Starlink Nexus LLC commits to:
- Refraining from pursuing civil or criminal legal action or filing complaints with law enforcement for accidental, good-faith violations of this policy, provided no damage is caused.
- Collaborating with you to validate and resolve reported vulnerabilities.
- Keeping you informed of our remediation timeline after verifying the authenticity of the reported issue.
Public Disclosure
This program enforces a “Public Nondisclosure” policy, which means:
- No public disclosure is permitted without prior written approval from Starlink Nexus LLC.
- Unauthorized public disclosure of vulnerabilities will result in legal action.