Security Policy
How to report security vulnerabilities in this website and what you can expect in response.
Reporting a Vulnerability
If you believe you have found a security vulnerability in this website, please report it directly via email:
Email: security@yourdomain.com
Please do not report security vulnerabilities through public GitHub issues, social media, or any other public channel.
What to Include
- A description of the vulnerability and its potential impact
- Step-by-step instructions to reproduce the issue
- Any proof-of-concept code or screenshots
- Your suggested remediation, if you have one
What to Expect
- Acknowledgement within 48 hours confirming receipt of your report
- Assessment within 7 days with an initial evaluation of severity and validity
- Resolution timeline communicated once the issue is confirmed
- Notification when the vulnerability has been resolved
Responsible Disclosure Guidelines
- Give me reasonable time to investigate and fix the issue before any public disclosure
- Avoid accessing, modifying, or deleting data that does not belong to you
- Do not perform denial-of-service attacks or automated scanning without prior permission
- Act in good faith — the goal is to improve security, not cause harm
Scope
This policy applies to:
- yourdomain.com and all subdomains
- Any APIs or services operated by this site
Out of scope:
- Vulnerabilities in third-party services
- Social engineering attacks
- Physical security issues
- Denial-of-service attacks
PGP Key
For sensitive reports, you may encrypt your message using my PGP public key:
https://yourdomain.com/pgp-key.txt
Fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
Acknowledgements
Responsible reporters will be acknowledged here with their permission.
Last updated: