Skip to content

Security

Security Disclosure / Vulnerability Reporting

Thanks, I appreciate responsible reports. I'm a lone developer, so I cannot offer paid bounties or guaranteed SLAs. I can acknowledge reports and optionally add your name to a public Security Hall of Fame if you opt in.

Send reports by email to: security@csfcloud.com

Do not do

Do not:

  • Perform destructive tests (DoS, data exfiltration, mass scanning).
  • Access or copy other people's private data.
  • Publicly disclose issues before they’re fixed. If a test would be illegal, don’t do it.

What to include (short)

  • Affected URL(s)
  • Short summary of the issue and impact
  • Clear reproduction steps (copy-pasteable) + PoC if safe and minimal
  • Observed vs expected result
  • Attachments (logs, screenshots) — redact personal data
  • Preferred credit (name/handle or anonymous)

Thanks — please email security@csfcloud.com with reports or questions.