Authorized Testing Only
Gear Six welcomes responsible reports about its own website or systems, but does not authorize testing of third-party systems. Testing of client systems requires appropriate authorization and scope.
Security
Gear Six Labs treats client software, test evidence, and engagement records as confidential according to agreed scope and contract terms.
Security Overview
Gear Six Labs supports software testing, QA, release-readiness review, public-surface Preflight intake, and evidence-package work. Security-sensitive work is handled according to the agreed engagement scope, authorization, and intake expectations.
Public Preflight is passive and public-surface only. It does not require and should not receive credentials, source code, API keys, installers, mobile packages, confidential files, regulated data, or customer data.
Public form submissions, Preflight artifacts, and engagement records are handled for intake, review, scoping, operational records, abuse prevention, and follow-up. Client engagement data is handled according to agreed contract terms.
Do not submit passwords, tokens, private keys, API keys, production credentials, or customer data through public website forms. Credentialed work requires a separate controlled intake process.
To report a concern about the Gear Six website or public systems, use the public contact route or email [email protected] with a concise description and safe reproduction details.
Reports should avoid service disruption, data access, persistence, social engineering, automated exploitation, or testing outside Gear Six-owned systems. Gear Six may ask for additional information to assess the report.
Credentialed testing, API testing, security hygiene screening, performance/load testing, AI-powered product testing, or software evidence-package work requires scoped authorization and appropriate intake/security review.
For security-related questions, use the contact page or the existing public Gear Six contact route. Include the affected URL, description, timing, and your preferred contact method.
Contact
Start with the public contact form and avoid submitting credentials or confidential material until scope and handling are agreed.