Vulnerability Disclosure Policy

Zero Science Lab (ZSL) - Macedonian Information Security Research and Development Laboratory

Mission: As a non-profit dedicated to advancing cybersecurity, we responsibly disclose
vulnerabilities to protect users and drive vendor accountability.

All research and disclosure actions are conducted in good faith, with no intent to harm,
disrupt, or exploit systems.

Policy:
Vendor Notification: Upon identifying a vulnerability, ZSL initiates one contact attempt
through verified vendor channels.

Coordinated Disclosure: If the vendor responds, we allow up to 90 days (case-specific)
for patch development and collaborate on disclosure.

Non-Response: No vendor response after initial contact attempt triggers public advisory release.

Abandoned Collaboration: If a vendor halts communication or fails to provide updates during
coordination, ZSL may release all findings immediately.

User-First Transparency: Disclosures prioritize user safety, technical precision, and public
awareness.

Legal Disclaimer: ZSL assumes no liability for any actions taken based on these disclosures,
and expects all involved parties to comply with applicable laws and regulations.

Researchers or vendors may contact us securely via PGP: https://www.zeroscience.mk/pgp/zsl-pubkey.asc

ZSL balances rigorous research with ethical disclosure to strengthen global cybersecurity.

Effective: August 02, 2007
Contact: lab@zeroscience.mk