Security
Responsible Disclosure
ShepNet Security welcomes good-faith reports of security issues found on this website, shepnetsecurity.com. If you have noticed something that looks like a vulnerability, this page explains how to tell me and what to expect.
How to report
Email contact [at] shepnetsecurity [dot] com with your report. Please include a clear description of the issue and the steps to reproduce it, so the problem can be understood and confirmed quickly.
Scope
This policy covers the shepnetsecurity.com website and its public pages only.
The following are out of scope: anything not owned by ShepNet Security, client systems, and any third-party services. Please do not test, access, or attempt to disrupt systems that fall outside this website.
What to expect
ShepNet Security will acknowledge valid reports as soon as reasonably possible and will work in good faith to address confirmed issues. As a solo practice, I appreciate your patience while a report is reviewed.
Good-faith safe harbor
ShepNet Security will not pursue action against researchers who act in good faith and within the scope above. To stay within good faith, please avoid privacy violations, data destruction, and any disruption of service, and do not access or modify data beyond what is needed to demonstrate an issue.
No reward
This is a disclosure policy only. It does not offer any monetary reward or bug bounty. Reports are still genuinely valued, and your help keeping this site secure is appreciated.