Security Policy

If you discover a security vulnerability in any of our services, please report it to us through our IRC channel:

• IRC: #btoven on irc.hackint.org

For sensitive information, please encrypt your message using our PGP key available at /pgp-key.asc

When reporting vulnerabilities, please:

• Provide sufficient information for us to reproduce and verify the vulnerability
• Include steps to reproduce, proof-of-concept, or screen captures if applicable
• Respect user privacy and do not access or modify user data
• Allow us reasonable time to fix the issue before disclosing publicly
• Avoid performing actions that could cause service disruption or data loss

• Don't exploit the vulnerability beyond what's necessary to demonstrate it
• Don't access, modify, or delete data that's not yours
• Don't disrupt our services or services for other users
• Follow responsible disclosure principles

• Acknowledgment of your report within 48 hours
• Regular updates on our progress in fixing the issue
• Transparency about our remediation timeline
• Credit in our security acknowledgments (if you wish)
• Consideration for a bounty or reward for critical vulnerabilities (at our discretion)

If you follow these guidelines, we will not take legal action against you in response to your security research. We consider security research conducted in accordance with this policy to be authorized and we will not pursue legal action.

• Third-party services integrated into our platforms
• Social engineering attacks
• Physical attacks on our infrastructure
• Vulnerabilities in browsers or client-side software
• DDoS attacks or service disruption
• Issues already known or publicly disclosed

For security-related inquiries, please use our dedicated security channel:

• IRC: #btoven on irc.hackint.org

For sensitive information, please use our PGP key: /pgp-key.asc