Reporting Security Vulnerabilities

Masada Hardening takes security seriously. Reports of security vulnerabilities in Masada Hardening products or the website are welcomed and appreciated.

How to Report

Submit security vulnerability reports via the Contact page with:

Required Information

  • Subject: Security Vulnerability Report
  • Description: Clear description of the vulnerability
  • Steps to reproduce: Detailed reproduction steps
  • Impact assessment: Potential security impact
  • Contact information: For follow-up communication

Response Timeline

Expected Response Times

  • Initial acknowledgment: Within 48 hours
  • Assessment update: Within 7 business days
  • Resolution timeline: Based on severity

Responsible Disclosure

When reporting vulnerabilities:

  • Allow time for remediation before public disclosure
  • Avoid accessing or modifying customer data
  • Do not perform denial of service attacks
  • Do not use automated vulnerability scanners without permission

Recognition

Security researchers who report valid vulnerabilities may be:

  • Acknowledged on the website (with permission)
  • Thanked publicly (with permission)

Monetary bounties are not currently offered but may be considered for critical vulnerabilities.

Scope

This policy covers:

  • Masada Hardening Server Edition
  • Masada Hardening Hosting Edition
  • The masadahardening.com website
  • Associated infrastructure

Out of Scope

The following are out of scope:

  • Denial of service attacks
  • Social engineering
  • Physical security
  • Third-party services and integrations

Safe Harbor

Protection for Researchers

Security researchers acting in good faith are protected from legal action when:

  • Following this disclosure policy
  • Making good faith efforts to avoid privacy violations
  • Not exploiting vulnerabilities beyond proof of concept

Report a Security Vulnerability

Use the Contact page with “Security Vulnerability Report” as the subject.

Contact

Last Updated: January 6, 2025