Security & Responsible Disclosure

Reporting a Vulnerability

Please email security@xthab.com with a clear description of the issue, the affected product or page, and steps to reproduce it. We aim to acknowledge reports within 3 business days.

For machine-readable contact details, see /.well-known/security.txt.

Coordinated Disclosure

We follow coordinated disclosure: please give us a reasonable opportunity to investigate and remediate before publishing any details. We will keep you informed of progress and credit you (with your permission) once a fix is released.

Scope

This page covers the xthab.com corporate website and the publicly listed xthAB Limited products: BOware, Cyfero, Villip, and tawqi3. Please do not perform testing that could degrade service for other users (e.g. denial-of-service, automated scanning at high rates, or social engineering of staff).

Safe Harbour

Good-faith security research carried out in accordance with this policy is welcomed and will not result in legal action from xthAB Limited.