We kindly ask you to:
- e-mail your findings to firstname.lastname@example.org;
- do not take advantage of the vulnerability or problem you have discovered, for example by downloading or viewing more data than necessary to demonstrate the vulnerability or deleting or modifying data;
- do not reveal the problem to others until it has been resolved;
- delete all confidential data immediately after the leak has been fixed;
- if you are planning to do a publication, please allow us to play an active role in the ultimate publication on the problem after it is resolved;
- do not attack via: social engineering, distributed denial of service, spam or our physical security, and
- do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the url of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
- we will respond to your report within three business days and will keep you informed on the progress towards resolving the problem;
- if you have followed the instructions above, we will not take any legal action against you in regard to your report and activities;
- we will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission unless required to do so by law;
- when we decide to announce this problem we will mention you as the discoverer of the problem (unless you desire otherwise).