Security and Responsible Disclosure

Last updated: 14 May 2026 · Applies to the NCLOPS public website and coordinated disclosure for related CIL-operated surfaces

Cecure Intelligence Limited (“CIL”) takes the security of the NCLOPS public website and associated infrastructure seriously. This page summarises baseline technical controls and explains how security researchers and the public can report vulnerabilities responsibly.

Emergency or active incident? If you believe data is actively being exfiltrated or systems are being disrupted, include “URGENT” in the subject line when emailing nclops@cil.support and provide timestamps, affected URLs, and indicators of compromise where safe to do so.

1. Baseline security measures (public website)

Depending on environment configuration, controls typically include:

2. What is in scope for this disclosure process

We welcome reports concerning:

3. What is out of scope or handled elsewhere

4. Responsible disclosure expectations

Please:

We do not promise a bounty programme by default; recognition may be offered at CIL’s discretion.

5. What to include in your report

6. Legal

We will not pursue legal action against researchers who comply with this process and applicable law. Unlawful access remains prohibited.

7. Contact

Send security reports to nclops@cil.support. This address is the correspondence hub for NCLOPS public-site security coordination; we may route internally to dedicated security responders.