Security

Effective Date: April 28, 2025

Introduction

At calvinfelineism.org, we take security seriously and deeply value the contributions of security researchers and the broader security community.

The responsible disclosure of potential vulnerabilities helps us ensure the security and privacy of our users, data, and services.

This Responsible Disclosure Policy outlines our expectations when security vulnerabilities are reported and provides guidelines for conducting security research in a manner that is safe and lawful.

Reporting Security Vulnerabilities

If you believe you have discovered a potential security vulnerability in any product, service, or system belonging to calvinfelineism.org, we encourage you to report it to us immediately.

Please submit your findings via:

Email: security@eliyahuezra.uk

We request that reports contain sufficient detail to allow us to reproduce and evaluate the vulnerability effectively.

Guidelines for Responsible Disclosure

Researchers must:
  • Avoid violating privacy, destroying data, or interrupting our services.
  • Only use methods that are legal and non-destructive during testing.
  • Report vulnerabilities promptly and directly to our designated channels.
  • Provide sufficient information for us to reproduce and validate the vulnerability.
  • Give us a reasonable amount of time to remediate the vulnerability before publicly disclosing it (we aim to address issues within 90 days of receipt).
  • Avoid publicly disclosing vulnerabilities before they have been resolved, without express permission.
In turn, we commit to:
  • Acknowledge receipt of your report within 72 hours.
  • Provide status updates within 14 business days.
  • Work diligently to remediate verified vulnerabilities in a timely manner.
  • Credit researchers in our Acknowledgments (Hall of Fame) page if permission is granted.

Scope of This Policy

This policy applies to:
  • All public-facing systems and services operated by calvinfelineism.org.
  • Applications, websites, APIs, and infrastructure assets explicitly owned by calvinfelineism.org.
Out of scope:
  • Third-party services or products not directly controlled by us.
  • Social engineering (e.g., phishing employees).
  • Physical attacks against property or staff.

Safe Harbor

When conducting vulnerability research within the scope of this policy:
  • We consider your research activities to be authorized.
  • We will not initiate legal action against you if you act in good faith and comply with this policy.
If legal action is initiated by a third party, we will make it clear that your activities were conducted in compliance with this policy.

Exclusions

The following activities are prohibited and not protected by this policy:
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
  • Physical security attacks against premises or facilities.
  • Use of social engineering techniques against calvinfelineism.org personnel.
  • Testing that results in service interruptions or damages.

Acknowledgments and Recognition

We appreciate the efforts of security researchers who responsibly disclose vulnerabilities.
With your permission, we would be honored to recognize your contributions on our Hall of Fame page.

Updates to This Policy

https://www.eliyahuezra.uk/ may update this Responsible Disclosure Policy from time to time. We encourage you to review it periodically to stay informed about how we manage vulnerability disclosures.
