Vulnerability Disclosure Policy

This policy provides guidelines and a point of contact for researchers and members of the public to report potential security vulnerabilities within our software and systems.


Table of Contents
  1. Overview
  2. Reporting and Process
  3. Responsible Disclosure
  4. Safe Harbour
  5. Reward Policy

Overview

This policy covers any product or service wholly owned by Firelight Technologies to which you have lawful access. This policy does not cover the following activities, which may cause harm or disruption to our systems and business:

  • Clickjacking
  • Brute-force attacks
  • Social engineering or phishing
  • Network-based DoS or DDoS
  • Physical attacks
  • Anything that attempts to modify or destroy data

Reporting and Process

To report a vulnerability, send your findings to security@fmod.com. Please include as much detail as possible, including steps to reproduce the outcome so that we can verify and investigate thoroughly.

Upon receipt of a report, we will respond within 5 business days to confirm we have received the details. At this point we will start investigations internally.

In order to keep you updated on the status of your report, we will send you emails as any investigation and remediation take place.

Once we have resolved any confirmed vulnerabilities, we will notify you, and credit you per the Reward Policy.

Responsible Disclosure

We operate under a responsible disclosure method, and will treat any submission as serious during investigation. We will do our best to keep you updated on any progress while we work on your report. In return, we ask that you do not disclose any vulnerability until we have had time to investigate and fix it.

Safe Harbour

We consider security research vital to the safety of our customers, our users, and our business. As such, we will not pursue legal action against you for conducting security research that may lead to improvements in the safety and security of our customers and users, provided that:

  • research and disclosure are conducted in good faith
  • the guidelines in this policy are followed
  • you do not engage in activities that are illegal, harmful or disruptive to Firelight Technologies, its customers, employees or users

Reward Policy

We are extremely thankful to the security research community for keeping us, our customers, and our users safe. Any report we receive is valuable and we appreciate the time and effort required to research, investigate and report vulnerabilities in any software.

We are unable to provide payment or other compensation for any potential or confirmed vulnerabilities; however, we will credit you as the person who discovered the vulnerability, unless you indicate that you would prefer us not to. We reserve the right to withhold such a credit if a provided name or alias is considered offensive.