Dislosure Policy

Please note that I have the following policy regarding publicly disclosing vulnerabilities:

1. Best effort will be made to contact the vendor/application developer to discuss the vulnerability. Two attempts will be made in a 7 day period to make contact. If after this time no response is received from the vendor, the vulnerability will be published.
2. Once confirmation of the vulnerability is received from the vendor, I will work to provide any additional information required to assist with resolution. I do not expect payment or any other benefit. Acknowledgement in the release notes for the fix would be appreciated.
3. After 45 days of me initiating first contact with the vendor or on confirmation from the vendor that the vulnerability is fixed, the vulnerability will be published.