Deerwood Technologies

IT Solutions for Business

Security Vulnerability Disclosure Policy

Report a Security Vulnerability

Our Commitment to Security

Deerwood Technologies, Inc. supports public safety and criminal justice agencies by maintaining secure, resilient, and compliant information systems. Protecting sensitive law‑enforcement data—including Criminal Justice Information (CJI)—is a core responsibility of our organization.

We recognize that responsible security research helps identify and reduce risk. This policy provides a clear, authorized, and public method for reporting potential security vulnerabilities in systems owned, operated, or managed by Deerwood Technologies, Inc.

Scope and Authorized Security Testing Boundaries

This policy applies to security vulnerabilities discovered in:

  • Company‑owned websites and web applications
  • Customer and partner portals
  • APIs and supporting infrastructure
  • Cloud and on‑premise systems administered by Deerwood Technologies, Inc.

To protect system availability and data integrity, the following are outside the scope of this policy:

  • Social engineering (phishing, impersonation, pretexting)
  • Physical security or facility access attempts
  • Denial‑of‑service (DoS) or stress testing
  • Testing systems not owned or explicitly authorized by Deerwood Technologies, Inc.

Authorized Good‑Faith Security Research

Deerwood Technologies, Inc. considers security research conducted in good faith and in accordance with this policy to be authorized.

We will not pursue civil or criminal action against individuals who:

  • Act responsibly and in good faith
  • Avoid access to customer or criminal justice data
  • Do not disrupt production services
  • Limit testing to what is necessary to validate a vulnerability

This authorization exists to improve security and reduce risk across the systems that support our customers and public‑safety partners.

Security Vulnerability Reporting Form

The reporting form is intended for the responsible disclosure of technical security issues and is monitored by our security staff.

When submitting a report, please include as much of the following information as possible:

  • Affected system, application, or URL
  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential security impact
  • Any relevant screenshots or proof‑of‑concept materials

Do not include Criminal Justice Information (CJI), personal data, or confidential customer information in the form.

Responsible Security Disclosure

To support coordinated remediation and reduce risk, we ask that reporters allow reasonable time for our team to investigate and implement corrective actions, and refrain from public disclosure until remediation is complete or a mutually agreed timeframe has elapsed.

What You Can Expect From Us

Upon receiving a vulnerability report, Deerwood Technologies will acknowledge the submission, validate and assess its potential impact, initiate appropriate remediation or risk‑mitigation efforts, and provide status updates as appropriate throughout the process.

Legal and Data Protection Notice

Please do not submit Criminal Justice Information (CJI), personal data, or confidential customer information as part of vulnerability reports.

This policy does not authorize access to data beyond what is necessary to identify a technical security issue.

Deerwood Technologies, Inc. does not require indefinite non‑disclosure and supports coordinated responsible disclosure practices.

Last Updated: March 31, 2026