Last Updated: 10/6/2025
Approved By: Executive Management
Version: 1.0
1. Purpose
PierCon Solutions is committed to maintaining the security and privacy of our systems, services, and client data. We value the contributions of the security research community and encourage responsible reporting of potential vulnerabilities. This policy provides guidelines for submitting vulnerability reports in a safe, lawful, and cooperative manner.
2. Scope
This policy applies to all public-facing systems and services owned or operated by PierCon Solutions, including: – The corporate website (piercon.net) – Client portals and SaaS applications – Any related subdomains or interfaces explicitly listed under our ownership
3. Out-of-Scope Activities
To ensure responsible testing, the following activities are strictly prohibited: – Physical attacks or social engineering (phishing, vishing, impersonation) – Denial-of-Service (DoS/DDoS) or load testing – Accessing, modifying, or destroying any customer data – Using automated scanners or tools that may degrade performance
4. Safe Harbor
If you make a good faith effort to comply with this policy:
- PierCon Solutions will not initiate legal action against you for your research activities.
- Your actions will be considered authorized under the Computer Fraud and Abuse Act (CFAA) and related laws.
- We will not pursue claims related to testing within the defined scope, provided there is no data exfiltration or service disruption.
To remain within the safe harbor, you must: – Stop testing immediately upon discovery of sensitive data. – Report vulnerabilities promptly and privately. – Avoid disclosing details publicly until remediation is confirmed.
5. Reporting a Vulnerability
Please report potential vulnerabilities to security@piercon.net with the following information:
- Affected system or URL
- Detailed description of the issue
- Steps to reproduce (proof of concept)
- Potential impact or severity
We request that you do not publicly disclose the issue until PierCon Solutions has verified and resolved it.
6. Response Process
- We will acknowledge receipt of your report within 5 business days.
- We will provide status updates and an estimated timeline for remediation.
- Once resolved, we may offer public recognition of your contribution (with your consent).
Our team prioritizes vulnerabilities based on severity, exploitability, and impact. We may contact you for clarification or additional testing details.
7. Recognition
PierCon Solutions appreciates the efforts of the security community. Researchers acting in good faith may be acknowledged publicly for valid findings, subject to mutual agreement and responsible disclosure timelines.
8. Contact
Security Team: security@piercon.net
Approved By:
Rich Conroy, President
PierCon Solutions, LLC