Security Reporting

Responsible Security Disclosure

Smart Biz iT welcomes responsible reports of potential security vulnerabilities affecting its public systems. Do not access client data, disrupt services, use social engineering, or perform destructive testing.

Submit a Security Report
Direct answer

How should a potential Smart Biz iT vulnerability be reported?

Use the approved contact path and provide the affected public asset, vulnerability type, reproduction steps, observed impact, supporting evidence, and a safe contact method. Stop testing when sensitive data, unauthorized access, service disruption, or material risk becomes possible.

Permitted reporting approach

Minimize impact

Use the least invasive method needed to confirm the issue and avoid accessing data beyond what is necessary.

Document clearly

Provide repeatable steps, timestamps, affected URLs or systems, and sanitized screenshots or request details.

Allow review

Do not publicly disclose an unresolved report before reasonable validation, remediation, and communication can occur.

Prohibited activity

Client data or systems

Do not access, test, modify, download, or disclose client information or client-managed environments.

Disruption and destruction

Do not perform denial-of-service, destructive testing, malware deployment, persistence, or data alteration.

Human targeting

Do not use phishing, impersonation, physical intrusion, credential attacks, or other social engineering.

Disclosure questions

Can sensitive evidence be sent through a normal website form?

Do not submit credentials, client data, or exploit material through an unapproved channel. Start with a high-level report and request a secure exchange method.

Does submitting a report authorize further testing?

No. Submission does not expand authorization. Stop and request guidance before any activity that could create additional risk.

Are rewards guaranteed?

No. This page does not establish a bug bounty or guarantee compensation.

Report clearly and avoid increasing the risk

Use the Approved Contact Path