Vulnerability Disclosure Policy
Tailwind Resource Group is committed to the security of our systems and the data entrusted to us. We welcome reports from security researchers and will work with you to address verified vulnerabilities promptly.
Scope
This policy covers tailwindrg.com and its subdomains, including web applications and APIs operated by Tailwind Resource Group. Third-party services, social engineering, denial-of-service testing, and physical security are out of scope.
Safe Harbor
We will not pursue legal action against researchers who report vulnerabilities in good faith and follow this policy. We ask that you avoid accessing or modifying data that does not belong to you, and that you give us reasonable time to address issues before any public disclosure.
What to Expect
- We will acknowledge your report within 3 business days.
- We will investigate and work to resolve verified vulnerabilities in a timely manner.
- We do not operate a paid bounty program at this time.
Credit & Disclosure
We are happy to credit researchers in any public disclosure unless you prefer to remain anonymous. We will share as much information about resolved vulnerabilities as we are legally permitted, subject to contractual obligations and agreements with third parties.
Report a Vulnerability
Use the form below or email [email protected] directly.
Report received
Thank you for your report. Our security team will review it and respond promptly.