Responsible Disclosure

Our policy for reporting and handling security vulnerabilities.

Last updated: March 2026

Our Commitment

Pierce Power Consulting (PPC) takes the security of its digital assets seriously. We welcome good-faith reports of potential vulnerabilities in our website or any other PPC-managed digital property. We will work with researchers to understand and address confirmed issues promptly.

Scope

This policy applies to the following assets:

  • piercepowerconsulting.com — the primary public website and all content served from it

This policy does not cover third-party platforms (e.g., GitHub, Google Fonts, LinkedIn). Issues on those platforms should be reported through their own vulnerability programs.

How to Report

Please email your findings to info@PiercePowerConsulting.com with the subject line “Security Vulnerability Report.” A machine-readable contact reference is also available at /.well-known/security.txt.

Your report should include, where possible:

  1. A clear description of the vulnerability.
  2. The URL or asset affected.
  3. Steps to reproduce the issue.
  4. The potential impact as you assess it.
  5. Any supporting screenshots, logs, or proof-of-concept (non-destructive only).

Response Timelines

  • Acknowledgment: We will acknowledge receipt of your report within 3 business days.
  • Initial assessment: We will provide an initial assessment of severity and scope within 10 business days.
  • Remediation: We aim to remediate confirmed vulnerabilities within 30 calendar days for high-severity issues and within 90 calendar days for lower-severity issues. Complex issues may require longer timelines; we will keep you informed.

Safe Harbor

PPC will not pursue legal action against security researchers who:

  • Report vulnerabilities through this disclosure process in good faith.
  • Do not access, modify, or exfiltrate data beyond what is necessary to demonstrate the vulnerability.
  • Do not disrupt site availability or perform denial-of-service testing.
  • Allow us a reasonable period to address the issue before public disclosure.

We ask that researchers act responsibly and avoid actions that could harm users or the integrity of our services.

Disclosure Coordination

We request that you allow PPC reasonable time to remediate a confirmed vulnerability before any public disclosure. We are committed to transparent coordination and will work with you to agree on an appropriate disclosure timeline.

Contact

Email info@PiercePowerConsulting.com — subject line: Security Vulnerability Report.