Security
Responsible disclosure
If you discover a vulnerability in HubSec's website or tools, please report it to security@hubsec.net. PGP-encrypted reports are preferred.
What we ask
- Allow reasonable time for us to investigate and address the issue before public disclosure.
- Do not access, modify, or exfiltrate data belonging to other users.
- Do not perform testing that degrades service availability for other users (no DoS, no aggressive scanning).
- Provide enough detail to reproduce the issue — affected endpoint or page, steps, and expected vs. observed behavior.
What we will do
- Acknowledge receipt within a reasonable timeframe.
- Investigate and, if confirmed, work toward a fix.
- Credit reporters who wish to be credited, after the fix has shipped.
Bounty program
HubSec does not currently operate a paid bug bounty program. We appreciate good-faith reports and will credit reporters who request credit.
PGP
For sensitive reports, please encrypt with our PGP key.
Fingerprint: 1027 0DFF 53E0 B61F 809F C079 E0E6 BF50 4785 0199
Download PGP key →