Security

Security is important to me—both professionally and for this site. If you discover a vulnerability, I want to hear about it.

Vulnerability Disclosure Policy

Scope: This policy covers kevinbytes.com and all associated subdomains.

When reporting, please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Proof of concept (if applicable)

What to expect:

  • Acknowledgment within 48 hours
  • Initial assessment within 5 business days
  • Regular updates on remediation progress
  • Credit in acknowledgments (with your permission)

Out of scope:

  • Social engineering attacks
  • Physical security testing
  • DoS/DDoS attacks
  • Spam or content injection
  • Issues in third-party services or dependencies

Report a Vulnerability

[email protected]

For sensitive reports, you can encrypt your message. A PGP key is available on request.

Machine-Readable Policy

This site implements RFC 9116 (security.txt) for automated security contact discovery:

/.well-known/security.txt

Safe Harbor

Activities conducted consistent with this policy will be considered authorized. I will not pursue civil action or file a complaint with law enforcement for security research performed in good faith. If legal action is initiated by a third party, I will take steps to make it known that your actions were conducted in compliance with this policy.