This is the security notice for this repository. The notice explains how vulnerabilities should be reported to the owner. I will aim to review, triage and resolve vulnerabilities within the information included in this document within seven working days.
I am an advocate of responsible vulnerability disclosure. If you’ve found a vulnerability, we would like to know so I can fix it. You may report a vulnerability by completing a Vulnerability Disclosure Form.
When you are investigating and reporting the vulnerability on a GDS domain or subdomain, you must not:
- break the law
- access unnecessary or excessive amounts of data
- modify data
- use high-intensity invasive or destructive scanning tools to find vulnerabilities
- try a denial of service
- disrupt services or systems
- tell other people about the vulnerability you have found until we have disclosed it
- social engineer, phish or physically attack our staff or infrastructure
- demand money to disclose a vulnerability