Acceptable Use & Lawful Research Policy
Introduction
ShellOrbit Research Labs operates as a Scientific Research and Technology Development Laboratory focused on system-level software security and assurance. This policy defines the principles that govern acceptable use of our research outputs and the lawful conduct of research activities associated with ShellOrbit Research Labs.
The purpose of this policy is to establish clear boundaries, promote responsible behavior, and ensure that all research activities are conducted in a manner that is ethical, lawful, and aligned with the objective of improving system security and resilience.
Scope of This Policy
This policy applies to:
- Research conducted by ShellOrbit Research Labs personnel
- Use of research outputs, publications, advisories, and materials produced by ShellOrbit Research Labs
- Individuals or organizations engaging with ShellOrbit Research Labs research content
- Collaborators or contributors acting in association with ShellOrbit Research Labs
This policy does not replace contractual obligations or legal agreements governing specific engagements.
Lawful Research Conduct
All research conducted by or associated with ShellOrbit Research Labs must comply with applicable local, national, and international laws and regulations.
Research activities are conducted only on:
- Software and systems owned by ShellOrbit Research Labs
- Open-source or publicly distributed software
- Systems for which explicit authorization has been granted
- Isolated research environments designed for testing and analysis
Unauthorized access to systems, networks, or data is strictly prohibited.
Acceptable Research Activities
Acceptable activities under this policy include, but are not limited to:
- Analysis of compiled binaries, firmware, and system-level software for security and integrity assessment
- Examination of execution behavior, architectural assumptions, and failure modes
- Development of proof-of-concept material for defensive validation in controlled environments
- Documentation and publication of findings following responsible disclosure practices
All such activities must be performed with the intent to improve security and reduce systemic risk.
Prohibited Activities
The following activities are explicitly prohibited in connection with ShellOrbit Research Labs research or materials:
- Use of research outputs to compromise, exploit, or disrupt live systems without authorization
- Deployment of research techniques against production environments
- Development or distribution of autonomous or self-propagating malicious code
- Participation in activities intended to cause harm, extortion, surveillance, or unauthorized data access
- Social engineering, denial-of-service testing, or physical intrusion attempts
ShellOrbit Research Labs does not support or endorse offensive operations or misuse of security research.
Use of Research Outputs
Research outputs published by ShellOrbit Research Labs are intended for educational, defensive, and assurance-oriented purposes.
Any use of ShellOrbit Research Labs research materials must:
- Respect applicable laws and regulations
- Avoid misuse or misrepresentation
- Acknowledge that research findings are contextual and time-bound
- Refrain from applying techniques outside lawful and authorized settings
ShellOrbit Research Labs disclaims responsibility for misuse of its research by third parties acting outside these principles.
Third-Party Software
Software and tooling developed and operated by ShellOrbit Research Labs incorporates third-party open source software components, each governed by their respective license terms (including Apache 2.0, MIT, BSD, GPL, and LGPL variants). Use of ShellOrbit Research Labs software does not transfer any rights beyond what those licenses individually permit. A full list of incorporated components is available upon written request to security@shellorbit.com.
This product uses the NVD API but is not endorsed or certified by the NVD.
ShellOrbit Research Labs software and research outputs are proprietary. All rights not expressly granted are reserved.
Controlled Disclosure and Redaction
Where research involves sensitive technical details, ShellOrbit Research Labs may limit, redact, or delay publication to reduce the risk of misuse.
Decisions regarding the level of technical detail disclosed are made with consideration for:
- Potential impact on users and infrastructure
- Availability of mitigations
- Coordination with affected stakeholders
- Regulatory and legal obligations
Collaboration and External Contributions
External researchers and collaborators engaging with ShellOrbit Research Labs are expected to adhere to this policy and to applicable responsible disclosure practices.
ShellOrbit Research Labs reserves the right to limit or decline collaboration where research objectives, methods, or conduct are inconsistent with this policy.
Enforcement
Violations of this policy may result in:
- Termination of collaboration or engagement
- Withdrawal of access to research materials
- Reporting to appropriate authorities where required by law
ShellOrbit Research Labs retains sole discretion in determining whether conduct aligns with this policy.
Relationship to Other Policies
This policy should be read in conjunction with:
- Vulnerability Disclosure Policy
- Security Policy
- Data Privacy Policy
Together, these documents define the framework under which ShellOrbit Research Labs conducts and publishes research.
Policy Updates
This policy may be updated periodically to reflect changes in legal requirements, research scope, or operational practices. The most current version will be published on this site.
Contact
Questions regarding this policy may be directed to:
For security-related concerns, please use: