Nullforge is committed to ensuring the security of our systems and applications. We recognize the importance of the security community in helping us identify and address vulnerabilities. This Security Disclosure Policy outlines the process for reporting security vulnerabilities to Nullforge.
This policy applies to all systems, applications, and services operated by Nullforge.
If you believe you have discovered a security vulnerability, please report it to us as soon as possible by sending an email to [email protected]. Please include the following information in your report:
- A detailed description of the vulnerability, including steps to reproduce it.
- The specific location and details of the vulnerability (URLs, parameters, headers, etc.).
- Your contact information for further communication.
We encourage responsible disclosure and request that you do not publicly disclose the vulnerability until we have had the opportunity to investigate and address it. We commit to working with you to understand and resolve the issue promptly.
- We will acknowledge receipt of your report within 48 hours.
- Our security team will investigate the reported issue promptly.
- We will work with you to understand the details and potential impact of the vulnerability.
- We will keep you informed of the progress towards resolving the issue.
- Once the vulnerability is fixed, we will notify you and publicly acknowledge your contribution if you agree.
Do not attempt to exploit the vulnerability beyond what is necessary to demonstrate the security issue.
Do not disclose the vulnerability to others or use it for malicious purposes.
Exclusions:
The following types of reports are not within the scope of this policy and may be subject to legal action:
Denial of service attacks.
Social engineering attacks.
Physical security vulnerabilities.
We will not pursue legal action against security researchers who act in good faith and adhere to this policy. We consider your security research activities to be authorized, provided they are conducted in accordance with this policy.
This security disclosure policy may be updated from time to time. Please check back regularly for any changes.
Last updated: Sat Jan 13 05:10:28 PST 2024