Responsible Vulnerability Disclosure Policy

Our Commitment

Connect 5G, Inc. is committed to the security of our systems and the protection of our customers' data. We welcome reports from security researchers and the public regarding potential vulnerabilities in our services, including the Opus-M platform.

Scope

This policy applies to vulnerabilities discovered in:

• connectvg.com and its subdomains
• Opus-M platform and associated interfaces
• Any Connect 5G-operated infrastructure or services

How to Report

To report a suspected vulnerability, please email [email protected] with the following information:

• Description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Any relevant screenshots, logs, or proof-of-concept (non-destructive)
• Your contact information (optional, but helpful for follow-up)

Our Response Commitments

• Acknowledgment: Within 5 business days of receipt
• Status update: Within 15 business days
• Resolution timeline: Communicated on a case-by-case basis depending on severity

Guidelines for Researchers

We ask that you:

• Act in good faith and avoid actions that could harm our systems or customers.
• Do not access, modify, or delete data that does not belong to you
• Do not perform denial-of-service attacks or social engineering
• Report findings privately before any public disclosure

We will not pursue legal action against researchers who follow these guidelines.

Recognition

While we do not currently operate a bug bounty program, we are grateful for responsible disclosures and will acknowledge researchers (with permission) who help us improve our security posture.

Connect 5G, Inc. reserves the right to update this policy at any time.