Security Disclosure Policy
Last updated: June 3, 2026
- Introduction
SecurityPassport takes the security of our platform and customer data seriously.
We welcome responsible security research and encourage individuals to report potential vulnerabilities so they can be investigated and resolved.
- Reporting a Vulnerability
If you believe you have discovered a security vulnerability affecting SecurityPassport, please report it to:
Please include:
description of the vulnerability
steps to reproduce the issue
affected systems or URLs
potential impact
proof-of-concept if available
We ask that vulnerability reports remain confidential until the issue has been investigated and resolved.
- Our Commitment
When a valid report is received, we aim to:
acknowledge the report within 3 business days
investigate the issue promptly
provide updates where appropriate
resolve confirmed vulnerabilities as quickly as possible
- Responsible Disclosure Guidelines
Researchers are expected to:
avoid accessing data belonging to other users
avoid modifying or deleting data
avoid service disruption (e.g., denial-of-service testing)
act in good faith and avoid privacy violations
Testing should be limited to your own accounts or data.
- Out of Scope
The following activities are generally considered out of scope:
social engineering attacks
physical attacks against infrastructure
denial-of-service attacks
automated vulnerability scanning without authorization
- Legal Safe Harbor
We will not pursue legal action against security researchers who:
follow this policy
report vulnerabilities responsibly
avoid violating privacy or disrupting services
- Recognition
We may publicly acknowledge responsible researchers who help improve the security of the platform.