If you believe you have found a security issue affecting VTEC systems, website, or client-facing services operated by VTEC, please report it to [email protected]. We accept reports in English or Arabic.
What to include
- A clear description of the issue
- The affected URL, page, endpoint, or feature
- Steps to reproduce
- Proof of concept, screenshots, or logs where useful
- Your contact details for follow-up
In scope
- www.vtec-jo.com
- Public VTEC web properties and services directly operated by VTEC
- Security issues affecting confidentiality, integrity, or availability of VTEC-operated systems
Out of scope
- Social engineering
- Phishing
- Physical attacks
- Denial of service or spam attacks
- Reports based only on missing headers or scan noise without a real exploit path
- Issues in third-party services not operated by VTEC
- Automated scan output without validation
Rules
- Do not access, modify, or delete data that does not belong to you
- Do not disrupt service availability
- Do not use social engineering, extortion, or public disclosure before giving reasonable time to review
- Test only what is necessary to confirm the issue
What we will do
- Acknowledge receipt as soon as reasonably possible
- Review and assess report validity
- Work on remediation where appropriate
- Credit researchers on the acknowledgements page when suitable and mutually agreed
Legal note
This page does not grant permission for unrestricted testing. It is a reporting and disclosure page, not blanket authorization.
Security acknowledgements are published at /security/thanks.