Responsible Disclosure


My guidelines

a. Give me enough details to reproduce the vulnerability

b. Allow me a reasonable amount of time to fix the vulnerability before making any info public

c. Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found

d. Don’t ask for compensation for your report


My commitment

a. I’ll let you know I got your report

b. I’ll give you an estimate of how long the fix will take

c. I’ll tell you when I’ve fixed the vulnerability


My thanks

If your vulnerability report is valid and you'd like to be recognized for your contribution, I’d love to add you to my Heroes of Rawket list, by name or anonymously.