Responsible Disclosure Policy

BSides312 takes security seriously. If you believe you've found a security vulnerability in our website, services, or organization, we encourage you to notify us responsibly.

How to Report a Vulnerability

Please send reports to [email protected] with the following information:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggestions for mitigation

What to Expect

When you submit a vulnerability report, you can expect:

• Acknowledgment of your report within 48 hours
• An initial assessment of the report within 5 business days
• Updates on our progress addressing the issue
• Public recognition for your responsible disclosure (if desired)

Guidelines

We ask that you:

• Provide sufficient information to reproduce the vulnerability
• Make a good faith effort to avoid privacy violations, destruction of data, or interruption of services
• Do not access or modify data that does not belong to you
• Allow reasonable time for us to address the issue before disclosing it publicly

Scope

This policy applies to all BSides312 digital assets, including:

• bsides312.github.io website
• BSides312 event registration systems
• BSides312 email systems
• BSides312 social media accounts

Out of Scope

The following are considered out of scope for our vulnerability disclosure program:

• Denial of Service (DoS) attacks
• Social engineering attacks
• Physical security issues
• Issues on systems not owned by BSides312

Legal Safe Harbor

BSides312 will not pursue legal action against security researchers who:

• Make a good faith effort to comply with this policy
• Avoid intentional harm to our systems or data
• Refrain from publicly disclosing vulnerability details before we've had a reasonable time to address them