Site Security Information

You can send reports to using my GPG public key.

If you find a security problem with my site, please let me know. I can't promise a bounty for a security vulnerability, but if you find something bad enough it's not entirely out of the question. This is just a personal site after all. I can also add you to the hall of fame below if you like.

Process wise it's almost trivial. Send me an email about the issue (preferably encrypted) documenting how to reproduce it. I'll try to reply within 7 days about it and should have it patched within 30. I'll let you know once it's patched and after that (or 30 days) you're free to publicly disclose your findings if you like.

Thank you for taking the time to read this and for any effort you put into bug hunting around my site.

Hall of Fame