Security

If you believe you have found a security issue affecting VTEC systems, website, or client-facing services operated by VTEC, please report it to [email protected]. We accept reports in English or Arabic.

What to include

  • A clear description of the issue
  • The affected URL, page, endpoint, or feature
  • Steps to reproduce
  • Proof of concept, screenshots, or logs where useful
  • Your contact details for follow-up

In scope

  • www.vtec-jo.com
  • Public VTEC web properties and services directly operated by VTEC
  • Security issues affecting confidentiality, integrity, or availability of VTEC-operated systems

Out of scope

  • Social engineering
  • Phishing
  • Physical attacks
  • Denial of service or spam attacks
  • Reports based only on missing headers or scan noise without a real exploit path
  • Issues in third-party services not operated by VTEC
  • Automated scan output without validation

Rules

  • Do not access, modify, or delete data that does not belong to you
  • Do not disrupt service availability
  • Do not use social engineering, extortion, or public disclosure before giving reasonable time to review
  • Test only what is necessary to confirm the issue

What we will do

  • Acknowledge receipt as soon as reasonably possible
  • Review and assess report validity
  • Work on remediation where appropriate
  • Credit researchers on the acknowledgements page when suitable and mutually agreed

Legal note

Security acknowledgements are published at /security/thanks.