Security Policy

Reporting a Vulnerability

We take the security of our website seriously. If you believe you’ve found a security vulnerability, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, please report them via email to [email protected].

You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Please include the following information in your report:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
  • Full paths of the source file(s) in which the issue manifests
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it

Encryption

For sensitive communications, we support PGP encryption. Our public key is available at https://codybrunner.com/pgp-key.txt.

Key Details:

To encrypt your message:

  1. Download our public key
  2. Import it into your PGP client
  3. Encrypt your message using the key
  4. Send the encrypted message to [email protected]

Verifying our key: After downloading our key, you can verify its authenticity by checking that it’s associated with [email protected] and matches the key fingerprint published in our GitHub profile at https://github.com/rockchalkwushock.

We maintain a security.txt file at https://codybrunner.com/.well-known/security.txt according to RFC 9116.

Scope

This security policy applies to the following systems and services:

  • codybrunner.com
  • All associated subdomains
  • All associated APIs and services

What to expect

When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.

We strive to acknowledge reports within 24 hours and to provide an initial assessment within 48 hours.

Within 48 hours, you will receive:

  • An acknowledgment of your report
  • An initial assessment of the report
  • An expected timeline for any required fixes

Recognition

We believe in recognizing the valuable contributions of security researchers. If you are the first to report a unique vulnerability, and we make a code or configuration change based on the report, we will:

  1. Add your name to our Security Hall of Fame
  2. Provide a public acknowledgment of your contribution (with your permission)

We want you to responsibly disclose your findings, and therefore we will not take legal action against you or administrative action against your account if you act in good faith and follow these guidelines.

Updates to this Policy

We may update this security policy from time to time. The latest version will always be available at https://codybrunner.com/security-policy.

Last updated: May 13, 2025