Security Policy

Vulnerability Disclosure & Responsible Reporting — Admin

Contact

Report vulnerabilities: security@admin.com

Preferred Languages: en

Scope

Our Vulnerability Disclosure Program covers the following assets:

admin.com and all subdomains
api.admin.com
app.admin.com
Official Admin desktop & mobile applications

Out of Scope: Third-party services, social media profiles, denial-of-service attacks, and social engineering/phishing attempts.

Reporting Guidelines

Please include the following when submitting a report:

Detailed description of the vulnerability
Clear reproduction steps
Severity assessment & potential impact
Proof-of-concept (non-destructive)
Your preferred contact method

Do not access, modify, or exfiltrate user data. Restrict testing to proof-of-concept only.

Response Timeline

We acknowledge reports within 24 hours. Critical issues are prioritized for immediate patching. You will receive status updates throughout remediation. Once resolved, we will notify you and may publicly acknowledge your contribution (anonymity respected upon request).

Safe Harbor & Acknowledgments

Good-faith reporting is protected and will not be subject to legal action. View recognized contributors at: https://admin.com/security/hall-of-fame

Last updated: 2025-01-15 | Canonical: /.well-known/security.txt