Responsible Disclosure

 

My guidelines

a. Give me enough details to reproduce the vulnerability

b. Allow me a reasonable amount of time to fix the vulnerability before making any info public

c. Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found

d. Don’t ask for compensation for your report

 

My commitment

a. I’ll let you know I got your report

b. I’ll give you an estimate of how long the fix will take

c. I’ll tell you when I’ve fixed the vulnerability

 

My thanks

If your vulnerability report is valid and you'd like to be recognized for your contribution, I’d love to add you to my Heroes of chung-yoo-ra list, by name or anonymously.