We investigate all reports of vulnerabilities to our website. Feedback will be sent to the reporter as soon as possible. We are particularly interested in hearing about vulnerabilities that impact the confidentiality or integrity of user information or systems, and have the potential to impact a large number of users.
What to do when you find a vulnerability:
- Immediately stop exploiting the vulnerability.
- Report the vulnerability as soon as possible to: firstname.lastname@example.org
- Try to be as detailed as possible in your description of the vulnerability. Please provide screenshots, scripts, payloads etc that can help us to exploit the vulnerability.
- Wait for us to fix the vulnerability before disclosing it publicly.
- You will be credited if you do not wish to be anonymous.
- Extensive penetration testing of our systems may lead to legal actions.