The information on this page explains how you can legally report a vulnerability to us.
With the goal of always trying to improve and keeping everything as secure as possible, we ask that you report any vulnerabilities found in the scope of the entire site.
How to report a vulnerability
- We ask that you report any vulnerability you find as soon as possible. Do this by sending an email to firstname.lastname@example.org. Encrypt the content of this email first with our PGP key.
- Make sure that you provide enough information. An IP address/url, and a general description of the vulnerability.
- Provide us with an email address on which you would like to be notified of progress.
- Provide confirmation that you agree with the terms of this Responsible Disclosure Policy.
A few rules to keep yourself to
We have a few rules set in place so that we can protect both parties from legal suits.
- Do not publicly disclose the vulnerability before you have received confirmation from us that the vulnerability is fixed.
- Do not abuse any vulnerability.
- Delete all data you retrieved if there is any.
What you can expect of us
- If you follow all terms of this Responsible Disclosure Policy, then we will not take any legal action against you.
- We will keep you updated on the progress of the fixing of the vulnerability.
- If the report was a valid vulnerability, then you will receive a place in our Hall of Fame.
- Depending on the severity of the vulnerability, you may receive a monetary reward as well.
For any other questions regarding this policy, feel free to contact email@example.com.