Security Policy
Security is a priority across all projects maintained here. While I make every effort to design and test systems carefully, vulnerabilities can occasionally occur.
This site and its related projects are maintained by just me, and nobody else.
Response times may vary, but all legitimate security reports are taken seriously and handled as promptly as possible.
Reporting a Vulnerability
If you discover a security issue, please report it responsibly. The appropriate contact method depends on severity:
| Severity | Description | Contact Method | Estimated Response |
|---|---|---|---|
| Critical / Urgent | Immediate risk of exploitation, data exposure, or service disruption | Email directly | ≤ 24 hours |
| Moderate | Meaningful impact but no active exploitation | Email or contact form | 48–72 hours |
| Low / Informational | Minor issues or security improvements | Contact form | Up to 7 days |
How to Report
Urgent issues:
Non-urgent issues:
Please include:
- Clear description of the issue
- Steps to reproduce
- Potential impact
- Suggested mitigation (optional)
Responsible Disclosure Guidelines
- Do not publicly disclose vulnerabilities before resolution.
- Only access or modify data necessary to demonstrate the issue.
- Do not perform actions that could degrade or disrupt services.
Good-faith security research conducted under these guidelines will not result in legal action.
Acknowledgements
If you would like to be acknowledged after an issue is resolved, you may provide your name or organisation in your report.
security.txt
A security.txt file is available at:
https://dmx3377.uk/.well-known/security.txt