Contact: mailto: rcusecurity@roguecu.org
Expires: 2026-06-30T08:00:00.000Z
Encryption: https://roguecu.org/corporate/publickey.txt
Preferred-Languages: en
Hall of Fame: https://roguecu.org/corporate/thankyou.txt
  
By submitting this report, you acknowledge and agree that no compensation is owed or implied, and that all activity related to the discovery was conducted in accordance with applicable laws and without unauthorized access to data or systems.
  
  
SAFE HARBOR AGREEMENT
  
Rogue Credit Union supports responsible security research and offers the following safe harbor protections:
  
1. No Legal Action for Good Faith Research
  
If security research is conducted in good faith and within the scope of this agreement, Rogue Credit Union will not initiate legal action against researchers under laws such as the Computer Fraud and Abuse Act (CFAA) or the Digital Millennium Copyright Act (DMCA).
  
2. Authorized Testing & Scope Limitations
  
Researchers are permitted to conduct security testing only on in-scope assets. Testing activities must not include:
Exfiltrating or modifying customer PII data
Service disruptions (e.g., DoS attacks, brute-force attempts)
Social engineering, phishing, or unauthorized physical access
  
We do not accept low or informational findings. 
  
3. Responsible Disclosure Requirements
  
Researchers must:
Report vulnerabilities as soon as possible.
Avoid publicly disclosing vulnerabilities until Rogue Credit Union has had a reasonable time to address them.
Provide detailed reports to aid in resolution.
  
4. No Retaliation or Criminal Complaints
  
We will not pursue criminal complaints, account suspensions, or other retaliatory actions against researchers who adhere to this policy and act in good faith. 
  
5. Handling of Sensitive Data
  
Researchers must not access, store, or share sensitive non-public personal information (NPI) or customer financial data. If such data is accidentally accessed, it shall not be stored or shared and must be reported immediately.