Responsible Disclosure Policy

Found a security issue? Here is how to report it safely.

We welcome reports of security vulnerabilities in MTC Skopos and our website. Email a description and reproduction steps to info@meylan-tc.com. We will acknowledge your report within 5 business days, keep you updated as we investigate, and we will not pursue legal action against good-faith research that follows this policy.

Meylan Technologies & Consulting Sàrl takes the security of MTC Skopos seriously. If you are a researcher, customer, or user and you find a weakness, telling us privately first gives us the chance to fix it before it can be misused.

How to report a vulnerability

Send an email to info@meylan-tc.com with:

  • A clear description of the issue and the potential impact
  • Step-by-step instructions to reproduce it
  • The affected component (the MTC Skopos application, an extractor, or a mtcskopos.com URL) and version where relevant
  • Any proof-of-concept code, screenshots, or logs that help us understand it

Please report privately and give us reasonable time to respond before any public disclosure.

Our commitment

When you report in good faith under this policy, we will:

  • Acknowledge receipt within 5 business days
  • Give you an assessment and expected timeline within 10 business days
  • Keep you informed as we work on a fix
  • Credit you for the discovery if you would like to be named, once the issue is resolved

Scope

This policy covers:

  • The MTC Skopos desktop application and its extractor components
  • The mtcskopos.com website

Out of scope

The following are not eligible and should not be attempted:

  • Denial-of-service (DoS/DDoS) and volumetric or brute-force attacks
  • Social engineering, phishing, or physical attacks against staff or offices
  • Reports from automated scanners without a demonstrated, exploitable impact
  • Issues in third-party services we do not control
  • Testing against other customers' systems or any system you are not authorized to test

Safe harbor

We consider security research conducted in line with this policy to be authorized. We will not initiate legal action against you for good-faith research that respects the scope above, avoids privacy violations and data destruction, and gives us a reasonable chance to remediate before disclosure. If a third party brings action against you for activity that complied with this policy, we will make it known that your actions were authorized.

If you are unsure whether a specific test is allowed, ask us first at info@meylan-tc.com.