SP GROUP

Responsible Disclosure

We welcome reports of security vulnerabilities affecting SP GROUP systems and services. Please follow the guidelines below to help us triage and remediate issues efficiently.

Guidelines

  • Do not access or exfiltrate data beyond what is necessary to demonstrate the issue.
  • Do not disrupt services (e.g., denial of service) or degrade performance.
  • Do not attempt social engineering or physical intrusion.
  • Provide clear steps to reproduce, affected scope, and potential impact.

Reporting

Send reports to sopheak.pa@spgrp.co with the subject "Responsible Disclosure". Include contact details for follow-up.

Legal Safe Harbor

When acting in good faith and in accordance with these guidelines, SPG will not initiate legal action against researchers for reporting vulnerabilities.

Acknowledgement

Where appropriate, we will acknowledge contributions and notify you upon remediation.