Guidelines for security researchers reporting vulnerabilities in LYNX to BreaktroughF1 LLP.
1. Our Commitment
We welcome reports from the security research community and commit to:
Acknowledging receipt within 2 business days
Providing an initial triage assessment within 7 business days
Working with you on coordinated disclosure timing (typically 90 days)
Not pursuing legal action against researchers acting in good faith
2. Scope
In Scope
- LYNX desktop & firmware
- LYNX web dashboard
- Federated Learning infrastructure
- Authentication subsystems
Out of Scope
- Social engineering / phishing
- Denial-of-service (DoS) attacks
- Third-party library 0-days
- Physical hardware attacks
3. How to Report
Send your report to security@breaktroughf1.com. Please include reproduction steps, proof-of-concept code, and affected versions.
4. Rules of Engagement
To qualify for safe harbour, you must report privately, avoid modifying or deleting user data, and give us a reasonable period (default 90 days) to release a fix before public disclosure.
5. Severity & SLA
Patch within 7 days
Patch within 30 days
Patch within 90 days