Security is a top priority in all my projects. Despite careful design and testing, vulnerabilities can occasionally occur. This policy outlines how to responsibly report security issues and what to expect in terms of response.
If you discover a security issue, please report it responsibly. Depending on the urgency, there are several ways to contact me.
| Type | Description | Action Required | Estimated Response Time |
|---|---|---|---|
| Critical / Urgent | Vulnerabilities that could lead to immediate exploitation, data loss, or service disruption (e.g., zero-day attacks) | Contact me immediately via email | ≤ 24 hours |
| Moderate | Issues that may have impact but are not actively being exploited | Contact me via email or contact form | 48–72 hours |
| Low / Informational | Minor bugs, potential improvements, or security concerns with low impact | Submit via contact form | 5-7 days |
If the vulnerability is critical, email me directly using the link below:
Please include:
- A detailed description of the issue
- Steps to reproduce the problem
- Potential impact
- Any suggested mitigation (optional)
If the issue is not urgent, you can use the contact form instead:
Please provide the same information listed above to help me resolve the issue efficiently.
While reporting vulnerabilities, please:
- Do not publicly disclose the issue before it has been resolved
- Avoid accessing or modifying data beyond what is necessary to demonstrate the vulnerability
- Be respectful and professional
All valid reports are taken seriously, and I aim to acknowledge and resolve them as quickly as possible.
You may optionally provide your name or organisation if you wish to be acknowledged for a report created once the issue is resolved.