Coordinated Vulnerability Disclosure
This policy explains how to report security vulnerabilities for austinosuide.com and what you can expect in response.
In Scope
- The public website at https://austinosuide.com and its associated static assets.
- The visitor count API endpoint referenced by the site UI.
Out of Scope
- Third-party platforms or services not owned by this site (e.g., LinkedIn).
- Social engineering, denial of service, spam, or physical attacks.
How to Report
Please email austin@osuide.com with a concise description, reproduction steps, and any relevant request/response data or screenshots. Do not include sensitive personal data.
Safe Harbor
When you follow this policy in good faith, this site will not pursue legal action against you for testing and reporting vulnerabilities. Do not access, modify, or exfiltrate data that does not belong to you.
Expectations & SLAs
- Acknowledgement: within 5 business days.
- Initial assessment: within 10 business days.
- Fix or mitigation: prioritised by severity and impact.
PGP / Encryption (Optional)
If you prefer to encrypt your report, you can use my PGP public key. Download the key below and encrypt your findings before sending them by email.
Fingerprint: 27A3 31FF A8B6 B8F2 3177 64CF E5DA D37A 417B DDD5
Attribution
With your consent, you may be acknowledged on a simple thanks page after a validated report is remediated.