PCL can review certain reports. Only the responsible system owner can authorize testing.
Generally Reviewable
- Ordinary authorized-use findings.
- Passive public-source observations.
- Authorized crash, log, or trace analysis.
- Documented program-scope research.
Rejected by Default
- Exploit development.
- Unauthorized scanning or fuzzing.
- Service degradation.
- Credential misuse or data exfiltration.
Related Policy
Boundary
Only the responsible system owner can authorize testing. PCL may review or coordinate a report, but that review is not authorization to test a third-party system. If authorization is unclear, resolve that question before conducting activity and before submitting detailed evidence.