Responsible Disclosure

Effective date: 30 October 2025

AresISEC d.o.o. values the security of its systems and the responsible reporting of security vulnerabilities.

Reporting a vulnerability

If you believe you have discovered a security vulnerability affecting our website, services, or publicly available resources, we encourage you to report it responsibly.

Please send your report to:

Email: info@aresisec.hr

What to include

When reporting a vulnerability, please include:

a clear description of the issue,
the affected URL, system, or component,
steps to reproduce the issue, where possible,
any relevant screenshots or logs.

Guidelines

We ask that you:

do not exploit the vulnerability beyond what is necessary to demonstrate it,
do not access, modify, or delete data that does not belong to you,
do not publicly disclose the vulnerability before it has been addressed.

Our commitment

AresISEC d.o.o. commits to:

acknowledging receipt of valid reports within a reasonable timeframe,
assessing reported issues in good faith,
working to remediate confirmed vulnerabilities in a timely manner.

This Responsible Disclosure policy does not authorize security testing beyond the scope of publicly accessible systems and does not provide permission to conduct denial-of-service attacks, social engineering, or physical security testing.