ETHICAL HACKING & VULNERABILITY DISCLOSURE POLICY

Effective Date: 30th January 2025

Review Intervals: 6 months or as required
Approved by: Luke McFarland

  1. Purpose

McFarland Consulting & Advisory ("MCA") is committed to maintaining the security and integrity of our systems, services, and client data. This policy outlines the rules for ethical hacking, penetration testing, bug bounty programs, and responsible vulnerability disclosure to encourage security research while preventing unauthorized access.

  2. Scope

This policy applies to:

  • Security researchers, ethical hackers, and penetration testers.
  • Employees, contractors, and third parties engaged in security testing.
  • Any individual or entity reporting vulnerabilities in MCA’s systems.

  3. Authorized Security Testing

3.1 Permitted Activities

The following activities are authorized only with prior written consent from MCA:

  • Penetration testing of MCA-owned systems.
  • Vulnerability scanning and security assessments.
  • Participation in official bug bounty programs (if applicable).

3.2 Prohibited Activities

Unauthorized security testing is strictly prohibited and may result in legal action. Prohibited activities include:

  • Exploiting vulnerabilities beyond proof-of-concept.
  • Exfiltrating, modifying, or deleting data.
  • Denial-of-service (DoS/DDoS) attacks.
  • Social engineering or phishing against MCA personnel.
  • Testing third-party systems not owned by MCA.

  4. Responsible Disclosure & Bug Bounty Program

4.1 Reporting Vulnerabilities

Security researchers are encouraged to report vulnerabilities responsibly by:

  1. Submitting findings to: [Insert Contact Email/Security@mcfa.com].
  2. Including details such as:
    • Affected system/URL.
    • Steps to reproduce.
    • Potential impact.
    • Suggested remediation (if applicable).

4.2 Disclosure Guidelines

  • Researchers must allow MCA a reasonable time (typically 30-90 days) to remediate the issue before public disclosure.
  • MCA may acknowledge researchers in security advisories (if desired by the reporter).

4.3 Bug Bounty Rewards (If Applicable)

MCA may offer monetary or non-monetary rewards for valid vulnerabilities at its discretion. Rewards are based on:

  • Severity (CVSS score).
  • Impact on confidentiality, integrity, or availability.
  • Quality of the report.

  5. Legal Protections

MCA will not pursue legal action against researchers who:

  • Act in good faith and comply with this policy.
  • Avoid privacy violations, data destruction, or service disruption.

Exceptions:

  • Malicious exploitation.
  • Violation of laws (e.g., CFAA, GDPR).

  6. Policy Compliance

Failure to comply with this policy may result in:

  • Termination of testing privileges.
  • Legal consequences for unauthorized access.
  • Disqualification from bug bounty rewards.

  7. Policy Updates

MCA reserves the right to modify this policy at any time. Changes will be communicated via [website/email].

  8. Contact Information

For security-related inquiries, contact:
Email: Enquiries@Mcfarland-Consulting.com

Policy Owner: McFarland Consulting & Advisory