
# Security Policy
Technical Strategic Solutions LLC takes the security of our website and the information entrusted to us seriously. We welcome reports from security researchers who identify vulnerabilities in our public-facing website and will work with them in good faith to address legitimate issues.

This page describes how to report a vulnerability, what you can expect from us, and what we ask of you.

---
## Scope
This policy applies to the following:
- technicalstrategicsolutions.com
- www.technicalstrategicsolutions.com

Any other systems, domains, subdomains, third-party services, or client environments are **not** in scope under this policy.

---
## Out of Scope
The following are explicitly **out of scope** and will not be treated as good-faith security research:
- Denial-of-service (DoS / DDoS) attacks or load testing
- Physical attacks against our facilities, personnel, or equipment
- Social engineering of employees, contractors, vendors, or clients
- Automated scanning that generates excessive traffic
- Attacks against any system not listed in the Scope section
- Reports based solely on automated scanner output without demonstrated impact
- Missing security headers or best-practice recommendations without a demonstrated vulnerability
- Issues in third-party services or libraries we do not control
- Self-XSS, clickjacking on pages with no sensitive actions, or other low-impact findings without a practical attack scenario
---
## How to Report a Vulnerability
If you have identified a vulnerability that appears to pose a real security risk, please report it to us by email:

**security@technicalstrategicsolutions.com**

Please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact, as you understand it
- Any supporting evidence (screenshots, request/response captures, proof-of-concept code)
- Your name or handle, if you would like acknowledgment
---
## Safe Harbor
We consider security research conducted consistent with this policy to be authorized and in good faith. We will not pursue legal action against researchers who:
- Stay within the scope defined above
- Make a good-faith effort to avoid privacy violations, service disruption, and destruction of data
- Give us a reasonable opportunity to investigate and remediate before publicly disclosing the issue
- Do not exploit the vulnerability beyond what is necessary to confirm its existence
- Do not access, modify, or retain data belonging to us, our clients, or third parties

This authorization does not extend to activities that violate applicable law or cause harm beyond what is necessary to demonstrate the vulnerability.

---
## What You Can Expect From Us
- Acknowledgment of your report within **5 business days**
- Regular updates as we investigate and remediate
- Credit in any public acknowledgment of the fix, if you wish
- No legal action against researchers acting in good faith and within this policy

We are a small cybersecurity business and response times may vary, but we will make a reasonable effort to keep you informed.

---
## Disclosure
We ask that researchers give us a reasonable opportunity to investigate and remediate before publicly disclosing any vulnerability. A coordinated disclosure timeline of **90 days** is typical, and we are happy to discuss extensions or earlier disclosure on a case-by-case basis.

---
## No Bug Bounty
We do not currently operate a paid bug bounty program. Reports are accepted on a voluntary basis, and we appreciate the contribution of the security research community.

---
## Contact
Security reports: security@technicalstrategicsolutions.com

Last updated: April 2026