Last updated — 2023-02-13
We take the security of our services and our users’ data very seriously. This document intends to establish the means by which you can report any security vulnerability to us safely, and the measures we will take to rectify it.
We appreciate any disclosure, but we ask that you follow the guidelines below to ensure safety and legal compliance.
Once you’ve discovered a security vulnerability, please report it to us via our email on security disclosures;
email@example.com. We prefer that you encrypt your message using PGP, especially if the vulnerability is particularly critical. Our PGP public keys are available on https://cosmic.media/pgp.
Please do not report security vulnerabilities through any other means. Reporting directly to
firstname.lastname@example.org ensures a quick response from appropriate personnel.
We will investigate all legitimate disclosures sent to us (as described above) and make an effort to resolve them as quickly as possible, as well as notify anyone that may have been affected. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you, provided you comply with the following guidelines on responsible disclosure:
For your assurance,
Depending on the severity of the vulnerabilities you discover, CosmicMedia may offer compensation and rewards for your discoveries.