GPRP v1.2 - GiliNet PRISEC Research Policy
This document serves as the definitive legal and operational framework for the GiliNet PRISEC (Privacy and Security) division. It dictates the rules of engagement for security research, vulnerability hunting, and infrastructure modification.
1. Executive Mandate
GiliNet is a mass collaboration community launched to develop, maintain, inspect and protect open source projects, and to inspect, develop, decompile and modify security infrastructures to produce better versions. The PRISEC Division serves as the collective’s cyber security arm, utilizing advanced security research, reverse engineering, and decompilation to identify systemic vulnerabilities and develop superior, "hardened" versions of existing tools for the public good.
2. Technical Definitions
To ensure clarity across all operations, GiliNet defines its core activities as follows:
- Security Audit/Vulnerability Hunting: The systematic evaluation of a system’s security properties and the search for potential vulnerabilities in order to patch them.
- Reverse Engineering: The process of analyzing a functional system to identify its components and their interrelationships to create representations of the system in another form.
- Decompile/Decompilation: The systematic method of disassembling an infrastructure or a system to learn or gather information about its inner workings, mechanisms and potential vulnerabilities.
- Security Hardening: The process of securing a system by reducing its surface of vulnerability through patches, configuration changes, or the removal of unnecessary functions.
- Responsible Disclosure: The practice of informing a system owner of a vulnerability and allowing a reasonable period for remediation before public release.
3. Operational Framework: The Tiered Zone System
PRISEC operations are strictly governed by the classification of the target infrastructure.
| Tier | Category | Authorization Level | Primary Objective |
| --- | --- | --- | --- |
| Tier 1 (Green) | Open-Source Systems | Full/Proactive | Vulnerability hunting, automated auditing, and the development of "Hardened Forks." |
| Tier 2 (Blue) | Authorized Proprietary | Restricted/Passive | Participation in official VDPs (Vulnerability Disclosure Policies) or Bug Bounties. |
| Tier 3 (Red) | Critical Ecosystems | Educational/Static | Analysis of previously published vulnerabilities in strictly proprietary platforms and their products. |
3.1 Tier 1: The Open-Source Mandate
PRISEC officially commissions deep-dive decompilation and security audits of open-source projects. Members are encouraged to develop "Gili-Hardened" versions of these projects that prioritize user privacy, cryptographic integrity and overall security.
3.2 Tier 2: The Authorized Proprietary Protocol
Engagement with proprietary systems is permitted only if the hunt is in the public domain or follows a "normalized" process stated by the owner (e.g., a published Bug Bounty). Researchers must adhere strictly to the vendor's provided "Safe Harbor" guidelines.
3.3 Tier 3: The Knowledge-Base Restriction (For Strictly Proprietary Products)
Due to the unique legal landscapes surrounding these proprietary ecosystems, PRISEC will not commission original vulnerability research for unpatched (Zero-Day) exploits in these systems.
- Activity is limited to the study, reproduction, and documentation of already disclosed vulnerabilities.
- The goal is purely educational: to help the community understand modern exploitation techniques and how to defend against them.
4. The PRISEC Code of Procedure (Rules of Engagement)
All GiliNet collaborators must adhere to the following four pillars:
- Non-Disruption: Security audits and decompilation must be conducted in isolated environments. Research must never impact the availability or performance of live production systems or end-users.
- Privacy Supremacy: Accessing, storing, or sharing Personally Identifiable Information (PII) or private user data is strictly prohibited. Research must focus on the infrastructure, not the inhabitants.
- Integrity of Intent: Modifications and patches developed by GiliNet must objectively improve the system's security or privacy. GiliNet does not support the creation of "backdoors" or malicious alterations.
- Standardized Disclosure: All vulnerabilities identified in Tier 1 or Tier 2 must follow the GiliNet Disclosure Procedure: a mandatory 90-day window for vendor remediation prior to any public announcement by PRISEC.
5. Commissioning and Supervision
PRISEC uses a decentralized voting and operation model for its projects:
- Project Proposal: Any member may propose a "Security Audit" or "Hardening Project" for an open-source tool.
- Zone Verification: The PRISEC host must verify that the target is "Green Zone" or "Authorized Blue Zone" before any official GiliNet resources are allocated.
- Verification of Results: Rewards are only given once a reproducible Proof of Concept (PoC) and a proposed remediation (patch) have been submitted to the GiliNet repository.
6. Legal Safe Harbor & Liability Disclaimer
- Individual Responsibility: GiliNet is a platform for collaboration. All members are responsible for ensuring their research activities comply with their local jurisdictions.
- No Indemnification: GiliNet does not provide legal defense for members who act outside the Tiered Zone System or violate the Code of Ethics.
- Non-Malicious Intent: This policy serves as public evidence that GiliNet’s intent is the improvement of global security infrastructure through disassembly and audit, rather than unauthorized access or digital trespass.
The GiliNet Golden Rule: We disassemble to understand. We audit to protect. We harden to endure. If a system is closed, we respect the gate; if it is open, we perfect the architecture.