Security Policy
Vulnerability Disclosure Policy
This site welcomes responsible disclosure of security vulnerabilities.
If you discover a security issue, please contact me:
Contact:
dragonrster@foxmail.com
PGP Key: Available upon request for encrypted communication.
Principles
Do not exploit vulnerabilities to cause damage, modify data, or disrupt service availability.
Do not publicly disclose vulnerability details until we confirm the fix is complete.
Allow reasonable time for remediation (typically 30-90 days, depending on severity).
Provide sufficient detail for us to reproduce and fix the issue.
Scope
This policy covers the following assets:
www.dragonrster.cn — Main site and all sub-pages
web_server.py — Custom HTTP server
cgi-bin/ — All CGI scripts (guestbook, editor, search, toolbox, stats)
Out of Scope
Third-party services (moe.dragonrster.cn counter, Neocities badges, etc.)
Subdomain takeover of expired domains
Social engineering attacks
DoS/DDoS attacks
Acknowledgments
Confirmed and fixed vulnerabilities will be acknowledged on this page
(unless you prefer to remain anonymous). No external vulnerability
reports have been received yet — you could be the first!
|
