Del Security

Vulnerability Submission

We operate a private submission and evaluation program. Submissions are reviewed for reproducibility, impact, and responsible coordination readiness.

How to submit

  • Target and affected version details
  • Minimum reproduction checklist with exact steps
  • Environment assumptions and prerequisites
  • Observed impact and security relevance
  • Evidence artifacts: logs, screenshots, trace output, or PoC notes

Submit via contact@del-sec.com. For sensitive content, encrypt using the PGP public key.

What we accept / don't accept

We accept

  • Authorized research context
  • Technically reproducible findings
  • Clear impact articulation and affected scope
  • Good-faith coordination intent

We decline

  • Unauthorized access or intrusive activity requests
  • Stolen data submissions or provenance gaps
  • Low-quality claims without reproducible evidence

Submission spec sheet format

Use this structure to improve triage speed and reproducibility. Plain text or Markdown is preferred. 

Title:
Vulnerability class:
Target / product:
Affected versions:
Tested environment:
Prerequisites:
Reproduction steps:
Expected result:
Observed result:
Impact summary:
Artifacts (logs/screenshots/PoC):
Researcher contact:

Evaluation process

Initial triage, technical validation, partner-ready report preparation, and responsible coordination. We provide status milestones throughout active review.

  1. 01

    Intake

    Initial contact, context capture, and secure channel setup.

    Initial contact and context capture. Partners define objectives, assets, and secure channels. Researchers submit affected versions and reproducible evidence.

  2. 02

    Scoping & legal check

    Authorized scope review, legal alignment, and engagement terms.

    Scope review and authorization alignment. Contract terms, legal boundaries, and engagement rules are confirmed before execution begins.

  3. 03

    Execution

    Research and technical analysis within agreed constraints.

    Technical research and controlled validation proceed within agreed scope and constraints.

  4. 04

    Validation

    Impact, stability, and reproducibility checks in controlled conditions.

    Impact, stability, and reproducibility are verified in controlled conditions. Findings are confirmed before reporting.

  5. 05

    Delivery

    Partner-ready report delivery, briefings, and remediation guidance.

    Partner-ready report with remediation guidance is delivered. Triage status and outcome summary are shared with researchers.

  6. 06

    Retest & close

    Fix verification, residual risk notes, and engagement closure.

    Fix verification, residual risk documentation, and engagement closure. Patch validation and closure notes are completed.

Typical response ranges

These are typical ranges, not guaranteed service commitments.

Compensation

Compensation decisions are case-by-case. No fixed amounts are guaranteed. Submissions are evaluated against the following criteria:

  • Impact severity — Evaluated using a critical / high / medium / low framework based on exploitability and potential damage.
  • Novelty and originality — Previously unknown vulnerabilities or novel attack vectors are weighted higher.
  • Reproducibility quality — Clear reproduction steps, environment details, and supporting artifacts improve evaluation outcomes.
  • Affected scope and versions — Broader impact across versions or components increases consideration.

Discreet submissions

We can receive discreet submissions and maintain confidential communication channels when sensitive coordination is required.

PGP quick guide

  1. Download our public key from /pgp.txt.
  2. Encrypt your submission package and include your contact details.
  3. Send encrypted content to contact@del-sec.com.