Security Vulnerability Disclosure Policy

Introduction

Thank you for your interest in helping to keep this website secure. I value the contributions of security researchers and the broader security community in identifying potential vulnerabilities and helping to improve the security of this site. This policy provides guidelines for security researchers when searching for and reporting security vulnerabilities.

Scope

This policy applies to the domains and subdomains associated with this website.

In scope:

- Main website domain and subdomains
- Static site content
- Third-party components used within the site

Out of scope:

- Third-party services not directly under my control
- Physical security
- Social engineering attacks
- Denial of service attacks
- Spam or automated tools generating excessive traffic

Guidelines for Security Researchers

When conducting security research, please:

  1. Do no harm: Make a good faith effort not to access or modify user data, disrupt services, or degrade the user experience.

  2. Report promptly: Notify me about potential vulnerabilities as soon as you discover them.

  3. Provide details: Include sufficient information to reproduce the issue, including:

     - Description of the vulnerability
     - Steps to reproduce
     - Potential impact
     - Any suggestions for remediation

  4. Be patient: Allow reasonable time for me to address the vulnerability before public disclosure.

  5. Act in good faith: Research should be conducted without malicious intent and comply with applicable laws.

Reporting a Vulnerability

To report a security vulnerability, please:

  1. Send an email to [[email protected]] with the subject line "Security Vulnerability Report"

  2. Include detailed information about the vulnerability, including:

     - The type of vulnerability
     - Steps to reproduce
     - Potential impact
     - Your contact information for follow-up questions

Response Process

When a security vulnerability is reported:

  1. I will acknowledge receipt of your report within 48 hours.

  2. I will assess the report and determine its validity and severity.

  3. For valid reports, I will develop and implement a fix as soon as reasonably possible.

  4. I will notify you when the vulnerability has been addressed.

Disclosure Policy

I believe in responsible disclosure:

  1. Please allow me reasonable time to address the vulnerability before any public disclosure.

  2. I will notify you when the vulnerability has been fixed.

  3. If mutually agreed upon, public acknowledgment of your contribution may be provided.

While conducting security research according to this policy:

  1. I will not pursue legal action against researchers who act in good faith and comply with this policy.

  2. I will consider activities conducted consistently with this policy as "authorized" under applicable computer crime laws.

  3. This policy does not provide authorization for actions beyond the scope defined here.

Attribution

If you report a security vulnerability according to this policy, I may publicly acknowledge your contribution (with your permission).

Changes to this Policy

This policy may be updated or revised as necessary. The most current version will always be available at this URL.


Thank you for helping to keep this website secure. Your efforts are appreciated and contribute to a safer online environment for everyone.

Last updated: 2025-05-21