Responsible Disclosure Policy
Purpose
We welcome security vulnerability reports so we can protect our users and improve the security of non9to5.com.
Scope
In scope:
- non9to5.com and its pages
- API endpoints we operate (e.g. the application form)
Out of scope:
- Third-party services we do not control
- Social engineering of our staff or visitors
- Physical attacks
Rules of engagement
- Act in good faith and avoid privacy violations, data destruction, and service disruption.
- Do not access or modify data that is not your own.
- Do not use automated scanning at a rate that degrades service.
- Provide enough detail to reproduce and verify the issue.
How to report
Send reports to: lauraottosolutions@gmail.com
If you need to send sensitive material, request our PGP key first.
Our commitments
- We will acknowledge receipt within 5 business days.
- We will triage and validate reports as quickly as possible.
- We will credit you publicly if you request it (optional).
Safe harbor
If you follow this policy, we will not pursue legal action against you for your research. This does not grant permission to act outside applicable law or this policy.
← Back to Non9to5