Responsible Disclosure Policy

Last updated: December 15, 2025

ZeusTier values collaboration with the global security research community and encourages responsible reporting of vulnerabilities to help protect our systems and users.

1.

Scope

  • ZeusTier-owned domains and infrastructure
  • Public-facing applications and services operated by ZeusTier

Third-party services are excluded unless explicitly stated.

2.

How to Report a Vulnerability

Please submit reports to: security@zeustier.com Include: • Detailed description of the issue • Proof of concept (non-destructive) • Affected assets • Date and time of discovery

3.

Researcher Guidelines

  • Act in good faith
  • Avoid accessing, modifying, or deleting data
  • Avoid service disruption
  • Allow reasonable time for remediation
4.

Legal Safe Harbor

  • Follow this policy
  • Do not exploit vulnerabilities maliciously
  • Respect user privacy and data

ZeusTier commits not to initiate legal action against researchers who adhere to these principles.

5.

Disclosure Process

  • Acknowledge reports
  • Assess and prioritize remediation
  • Communicate as appropriate
6.

No Bug Bounty Program

ZeusTier does not currently offer a public bug bounty unless stated otherwise.