Security & Vulnerability Disclosure

Arkos Systems is committed to responsible security practices.

1. Reporting a Vulnerability

If you discover a potential vulnerability affecting arkossystems.com, Subdomains, Arkos-hosted software, or Systems operating under Arkos Defense or Arkos Learning Solutions, please report to: security@arkossystems.com

Include:

• Description of the issue
• Steps to reproduce
• Impact assessment
• Proof-of-concept (if applicable)

2. Responsible Disclosure Commitment

If you act in good faith and: Avoid privacy violations, Avoid data destruction, Do not exploit the vulnerability, and Provide reasonable time for remediation, Arkos Systems will not pursue legal action under applicable computer misuse laws.

3. Scope

This policy applies only to systems owned and operated by Arkos Systems, LLC. It does not apply to third-party vendors.

4. Response Process

• Acknowledgment within a reasonable timeframe
• Internal investigation
• Remediation planning
• Optional coordinated disclosure

5. Exclusions

This policy does not authorize:

• Social engineering
• Physical intrusion
• Denial-of-service attacks
• Automated large-scale scanning
• Access to data unrelated to testing