Security Disclosure Policy
Plain-Language Summary
- I only test systems with written permission from the owner.
- I do not test or scan random third-party systems.
- If you find an issue in a system, contact that system owner directly.
This policy explains the limits of this site and how unsolicited reports should be handled.
No active testing, automated scanning, exploitation, or validation is performed without explicit permission from the system owner.
Scope & Boundaries
This site is a writing archive, not a public testing target.
Nothing here authorizes or requests unsolicited testing, scanning, or probing of any third-party systems.
If you believe a vulnerability exists in an organization's system, contact the system owner directly or follow their published disclosure process.
Professional Conduct
Any security review should be governed by written authorization, explicit scope, and mutually understood boundaries.
This reflects a commitment to lawful, ethical, and structured security practice.
No Bug Bounty Program
This site does not operate a public bug bounty program and does not provide monetary rewards for unsolicited vulnerability reports.
Reporting a Security Concern
If you need to report a security concern related to this website, contact:
Please include sufficient technical detail to allow independent reproduction and validation of the issue. Reports should describe:
- The affected asset or endpoint
- The observed behavior
- Steps to reproduce, if known
- Relevant timestamps or context
Incomplete or speculative reports may not be actionable.