Security Disclosure Policy
SecDim greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect SecDim’s user-base from the impact of security issues. On our side, this means:
We will respond to security incidents as a priority.
We will fix the issue as soon as is practical, keeping in mind that not all risks are created equal.
We will always transparently let the community know about any incident that affects them.
If you have found a security vulnerability in SecDim, we ask that you disclose it responsibly by emailing [email protected]. Optionally, if you want to encrypt your email, you can use our PGP key. Please do not discuss potential vulnerabilities in public without validating with us first.
On receipt the security team will:
Review the report, verify the vulnerability and respond with confirmation and/or further information requests; we typically reply within 24 hours.
Once the reported security bug has been addressed, we will notify the Researcher, who is then welcome to optionally disclose it publicly.
SecDim does not ordinarily provide bug bounties; however, we maintain a Hall of Fame to recognise those who have responsibly disclosed security issues to us in the past.