Introduction

I value the contributions of ethical hackers and security researchers in identifying vulnerabilities that could compromise my services. This Policy outlines how i collaborate with the security community to ensure responsible reporting and handling of security vulnerabilities.

Scope

This policy applies to all web services, applications, APIs, and infrastructure owned or managed by me. It is intended for security researchers and ethical hackers who wish to responsibly disclose vulnerabilities.

Guidelines for Reporting

1. Eligibility

• Ensure that your research and testing comply with all applicable laws and regulations.
• Do not violate the privacy of users, disrupt our systems, or access, modify, or delete any data during your testing.
• Only test systems explicitly listed in our scope of this policy.

2. What to Include in Your Report

• A clear and concise description of the vulnerability.
• Steps to reproduce the issue, including proof-of-concept code if available.
• The potential impact of the vulnerability.
• Your contact information for follow-up.

3. How to Submit a Report

• Reports should be submitted via email to security@lingo93.net.
• Use the subject line: "Vulnerability Disclosure - [Short Description of Issue]".
• Encrypt your email using my PGP key, available at https://security.lingo93.net/publickey.txt.

My Commitment

1. Response Time

• I will acknowledge receipt of your report as quickly as possible, usually within 3 business days.
• I will provide updates on my investigation and remediation progress.

2. Safe Harbor

• If you adhere to this policy during your research, i will not pursue legal action against you.
• I will work with you to resolve any legal ambiguities.

3. Recognition and Rewards

• I do not offer monetary rewards. However, with your permission, i include your name in our Hall of Fame as recognition for your contribution.

Out of Scope

The following are considered out of scope for this policy:

• Social engineering attacks.
• Physical attacks or threats against me or my facilities.
• Vulnerabilities in third-party systems or services that do not directly impact my infrastructure.
• Denial-of-service (DoS) attacks.

Contact Information

• Email: security@lingo93.net
• PGP Key: https://security.lingo93.net/publickey.txt

Conclusion

I appreciate the efforts of the security research community in helping me protect my users and systems. By following this policy, you contribute to a safer and more secure digital environment for everyone. Thank you for your cooperation and support.

Last update: 29.12.2024