Security Disclosure
Our commitment to cooperating with the security research community to harden our digital systems.
// COORDINATED REPORTING PROCESS
1. Reporting
Send details of the vulnerability to security@reconshield.in. To encrypt your report, please request our PGP public key.
2. Triage
Our security response team will acknowledge receipt of your report within 24-48 hours and provide a status tracking ID.
3. Remediation
We aim to investigate and patch confirmed vulnerabilities within 14 business days, coordinating the release of patches.
// SAFE HARBOR & DISCLOSURE POLICY
We believe that responsible security research is vital to keeping the internet safe. If you believe you have discovered a vulnerability, security flaw, or misconfiguration in any ReconShield service or interface, we encourage you to let us know immediately. We promise to collaborate with you to resolve the issue promptly.
// SAFE HARBOR POLICY
We will not take legal action against you or request law enforcement to investigate you if you act in good faith and comply with this policy:
- Provide us with detailed steps to reproduce the vulnerability.
- Avoid accessing, copying, deleting, or modifying user data.
- Avoid launching Denial of Service (DoS) attacks or brute-force tests.
- Give us a reasonable timeframe to remediate before public disclosure.
// NOT IN SCOPE
The following classes of issues are currently outside the scope of our security disclosure policy:
- Spam, phishing, or social engineering of ReconShield users/staff.
- Missing best-practice HTTP headers that do not result in direct exploitability.
- Rate limiting issues on public search and diagnostic interfaces.
// DISCLOSURE REPORT ENVELOPE
When submitting a report, please include: - A clear description of the potential vulnerability. - Exact URLs, HTTP headers, or parameters involved. - Proof of concept (PoC) code or screenshots. - Your name or handle if you wish to be credited.