
Security: GavZheng/wutong


SECURITY.md

Security Policy Document


Reporting a Security Vulnerability

To report security vulnerabilities related to our system, please send a comprehensive and detailed email to Gavin Zheng (gav.zheng@outlook.com). Using this dedicated email address ensures that your report will be handled by our security team promptly and confidentially.

Importance of Reporting Uncertainties

Even if you are unsure whether a particular issue constitutes an exploitable vulnerability, it is highly advisable to send your report to Gavin Zheng (gav.zheng@outlook.com). Avoid discussing the issue publicly or in any other forums until it has been thoroughly reviewed by our team.

Confidentiality and Communication Channels

We expect all discussions regarding vulnerabilities to take place exclusively through Gavin Zheng (gav.zheng@outlook.com). Public disclosure of vulnerabilities is discouraged until an official announcement is made on our official communication channels, such as our company's newsletter or website.

Details to Include in Your Report

To facilitate a thorough analysis and timely response, please include the following details in your vulnerability report:

  1. Demonstration of Exploit:

    • If possible, provide a concise description or a script that demonstrates how the exploit works. This will help us understand the nature and severity of the vulnerability.
  2. Affected Platforms and Scenarios:

    • Specify the platforms and scenarios where the vulnerability is likely to be exploited. For example, indicate whether the vulnerability is specific to certain operating systems, hardware configurations, or software versions.
  3. Security Researchers' Information:

    • If you are part of a team or have colleagues involved in discovering the vulnerability, please include your names and affiliations. This information will be kept confidential and only used for internal tracking purposes.
  4. Disclosure Status:

    • Indicate whether the vulnerability has already been disclosed to any third parties. Knowing this information will help us determine the urgency and scope of our response.
  5. Embargo Period:

    • Provide your recommendation on how long an embargo period should be in place to ensure that the vulnerability can be addressed without compromising user security. This will guide our decision-making process regarding the timing of the official announcement.

By adhering to these guidelines, you can help us ensure that security vulnerabilities are identified, addressed, and communicated in a timely and effective manner. Thank you for your efforts in helping to keep our system secure.

There aren’t any published security advisories