SPEY SYSTEMS
portfolio about contact
portfolio · about · contact
Security

Security disclosure policy.

Spey Systems Ltd takes security seriously. This page describes how to report vulnerabilities responsibly and what to expect in response.

Last reviewed May 2026

Scope

This policy applies to all systems operated by Spey Systems Ltd, including speysystems.com, axilog.io, speytech.com, app.speybooks.com, and speybooks.com.

For vulnerabilities in open-source repositories hosted at github.com/SpeyTech, use GitHub's private vulnerability reporting feature where available, or contact the address below.

How to report

Send a description of the vulnerability to security@speysystems.com with the subject line "Security disclosure".

Include as much detail as is practical: affected system, reproduction steps, potential impact, and your assessment of severity. Do not include credentials, personal data belonging to others, or exploit code in an initial report.

Encrypted correspondence is supported. The public key for security@speysystems.com is available at:

keys.openpgp.org

Fingerprint
542B D27C 60AD 4BDE E2DD D1EA 3C0B 2A08 4F0F 132B
Key type
Ed25519
Created
15 May 2026

Response timeline

Acknowledgement
Within 5 working days of receipt
Initial assessment
Within 10 working days
Resolution target
Within 90 days for critical issues; longer for complex architectural issues with advance notice
Disclosure
Coordinated disclosure after resolution. Spey Systems Ltd will credit researchers who report in good faith unless they request otherwise.

Expected conduct

Spey Systems Ltd asks that security researchers act in good faith: avoid accessing, modifying, or deleting data beyond what is necessary to demonstrate the vulnerability; do not perform denial-of-service testing; do not disclose publicly before resolution.

Spey Systems Ltd will not pursue legal action against researchers who act in good faith and follow this policy.

Contact

security@speysystems.com

Security disclosures can also be submitted via the security.txt contact route.

Related: Privacy policy · Legal imprint · All policies

Legal identity

Spey Systems Ltd Registered in Scotland SC889983 Companies House record ↗

Governance

  • Privacy Policy
  • Accessibility
  • Security
  • Policies
  • Capability Statement
  • Legal

Portfolio

  • axilog.io
  • speytech.com
  • speybooks.com
  • github.com/SpeyTech

© May 2026 · Spey Systems Ltd · SC889983 · Inverness, Scotland

UK Patents GB2521625.0 and GB2522369.4.