Security Disclosure Policy

1. Scope

This policy applies to security vulnerabilities found in:

• Trend Outlet LLC's official website and web applications
• Our publicly accessible APIs and endpoints
• Our client-facing portals and dashboards

This policy does NOT cover vulnerabilities in third-party services or client systems unless explicitly engaged under a signed penetration testing agreement.

2. Responsible Disclosure Guidelines

If you discover a security vulnerability, please:

• Report it promptly and in good faith to support@alhussinijo.com
• Provide sufficient detail to reproduce and verify the issue
• Allow us reasonable time to investigate and remediate before public disclosure
• Not exploit the vulnerability or access data beyond what is necessary to demonstrate it
• Not perform denial-of-service attacks, social engineering, or physical attacks
• Not disclose the vulnerability to third parties before we have addressed it

3. Our Commitments

In return, we commit to:

• Acknowledge receipt of your report within 48 hours
• Provide regular updates on our remediation progress
• Not pursue legal action against researchers acting in good faith
• Credit researchers in our security acknowledgments (if desired)
• Work toward remediation within 90 days for critical vulnerabilities

4. What to Include in Your Report

• Type and classification of vulnerability (e.g., XSS, SQLi, IDOR)
• Affected URL, endpoint, or component
• Step-by-step reproduction instructions
• Proof-of-concept code or screenshots (if applicable)
• Potential impact and severity assessment

5. Out of Scope

• Denial of Service (DoS/DDoS) attacks
• Spam or social engineering
• Physical security attacks
• Vulnerabilities in third-party dependencies (report to the respective vendor)
• Issues without demonstrable security impact

6. Contact

Submit security reports to: support@alhussinijo.com

For sensitive disclosures, please request our PGP key in your initial email.