Responsible Disclosure

Flobe Industries treats security research as a partnership. We will not pursue legal action against researchers acting in good faith under this policy.

flobe.industries and its subdomains; published software artefacts signed by Flobe Industries. Out of scope: third-party services, social engineering, denial-of-service.

Send a detailed report to security@flobe.industries. Include reproduction steps, impact assessment and any proof-of-concept. Encrypted submissions are preferred.

We acknowledge reports within 72 hours, provide a triage update within 10 business days, and coordinate disclosure timing with the reporter once a remediation path is in place.

Researchers who follow this policy and materially improve our security posture are credited in our public acknowledgements unless they prefer to remain anonymous.