Responsible Disclosure

Responsible Disclosure Policy

Introduction

We take the security of our website and digital services seriously. Despite our best efforts, vulnerabilities may still occur. If you believe you have discovered a security vulnerability in this website, we encourage you to report it responsibly so we can investigate and resolve the issue.

This policy outlines how to report vulnerabilities and how we will respond.

How to Report a Vulnerability

If you discover a potential security issue, please report it by email or via our contact form.

Email:
[email protected]

or

Contact form:
https://aspergillosis.org/%f0%9f%93%ac-contact-support-aspergillosis-org/

Please include as much information as possible to help us reproduce and resolve the issue, such as:

  • A description of the vulnerability

  • Steps required to reproduce the issue

  • URLs or pages affected

  • Screenshots or proof-of-concept if available

  • Any potential impact you believe the vulnerability may have

What We Ask From Researchers

When reporting vulnerabilities, please:

  • Act in good faith and avoid privacy violations or service disruption.

  • Do not access, modify, or delete data belonging to others.

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.

  • Do not perform automated scanning that may affect the stability of the website.

  • Give us reasonable time to investigate and resolve the issue before public disclosure.

Our Commitment

When you report a vulnerability in accordance with this policy, we will:

  • Acknowledge receipt of your report.

  • Investigate the issue as quickly as possible.

  • Work to resolve confirmed vulnerabilities.

  • Communicate with you regarding the progress of our investigation where appropriate.

Scope

This policy applies to vulnerabilities discovered on:

Third-party services or external websites are outside the scope of this policy.

Recognition

We appreciate the efforts of security researchers who help improve the safety of our digital services. At this time we do not operate a bug bounty programme but we are grateful for responsible disclosure.

Security Contact

Security issues can be reported to:

[email protected]