Responsible disclosure
At Speakers Academy, we consider the security of our systems important. However, there might be a vulnerability. If you discover one, please let us know. This way, we can better protect our speakers, customers, and visitors together.
Report Your Findings Like This
Send your report to disclosure@speakersacademy.com.
We ask you to:
- Report your findings as quickly as possible.
- Keep the report confidential until we have resolved the issue.
- Provide enough information so we can replicate the problem. Usually, a description of the vulnerability and the involved address is sufficient. In complex cases, we might ask for more.
What We Ask You Not to Do
Help us without causing damage. So:
- Do not place malware.
- Do not alter or delete data.
- Do not change system settings.
- Do not perform brute-force attacks.
- Do not initiate denial-of-service attacks.
What We Promise You
If you follow these rules, we will do the following:
- We will respond within 5 business days. You will receive our assessment of the report and an estimated date for the solution.
- We will handle your report confidentially. We will not share your information with others without your consent.
- You may also report anonymously or under a pseudonym.
- We will keep you informed of the progress.
- If you wish, we can acknowledge you as the discoverer in a publication about the issue.
- We appreciate your help. We may offer a reward for a report, depending on the severity of the vulnerability and the quality of your report.
- We are happy to collaborate on a publication once the issue is resolved.
Our goal is to resolve each issue as quickly as possible. We would like to involve you in that process.
Reports We Close
Some reports are not taken into account. These are:
- Known vulnerabilities in WordPress or plugins that already have a CVE.
- The public xmlrpc or wp-cron API.
- Missing SPF or DMARC records.
About This Policy
This policy is under a Creative Commons Attribution 3.0 license. It is based on the example from Floor Terra.