Vulnerability Disclosure Policy

KE6PIJ.ORG

2020 Nov 27

Introduction

This is a personal website and not involved in anything that should interest most individuals looking to acquire sensitive information.

KE6PIJ.ORG is committed to ensuring the security of the American public by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

Authorization

No authorization is provided to the general public for security research activities against this site.

If you make a good faith effort to comply with this policy during your security research, then you will know it is unauthorized and shall stop immediately and not disclose any potential vulnerabilities to any party. We will consider your research to be unauthorized. We will work with you to help you understand this and KE6PIJ.ORG will recommend or pursue legal action related to your research. Sending a vulnerability report to us with a period of time that you will wait prior to publicly disclosing the vulnerability shall be seen as ransom or extortion and be dealt with as any other unauthorized attack on this site.

Guidelines

Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Test methods

No testing of this site is authorized.

Scope

The entire ke6pij.org web site falls under the scope of this policy. No testing is allowed.

Reporting a vulnerability

We accept vulnerability reports at webmaster@ke6pij.org. Reports may be submitted anonymously. If you share contact information, we shall keep it confidential provided it adheres to the policy as written.

We do not support PGP-encrypted emails.

Questions

Questions regarding this policy may be sent to webmaster@ke6pij.org. We also invite you to contact us with suggestions for improving this policy.

Document change history

Version	Date	Description
1.0	November 17, 2020	First issuance.

revision history