🛡️ Responsible Disclosure Program

Report a Vulnerability

We appreciate your efforts to keep Aevum Encyclopedia secure. If you discover a security issue, please report it responsibly. We pledge to acknowledge your report within 24 hours and work transparently toward resolution.

📩 How to Report

1. Identify & Isolate
   Confirm the vulnerability is within our scope. Avoid accessing or modifying other users' data, or performing destructive actions.

2. Encrypt Your Report
   Use our PGP public key below to encrypt sensitive details. This ensures end-to-end confidentiality during transit.

3. Submit via Secure Channel
   Send your findings to security@aevumencyclopedia.com or use the form below. Include reproduction steps and impact assessment.

🎯 Scope & Boundaries

| Asset / Service | Status | Notes |
|---|---|---|
| app.aevumencyclopedia.com | In Scope | Main application & API endpoints |
| docs.aevumencyclopedia.com | In Scope | Developer documentation portal |
| aevumencyclopedia.com (wildcard) | In Scope | All subdomains & assets |
| Third-party integrations | Out of Scope | Report directly to the vendor |
| Denial of Service (DoS/DDoS) | Out of Scope | Not eligible for rewards |
| Social Engineering / Phishing | Out of Scope | Not covered by this program |

⏱️ Severity & Response Timeline

  • Critical (Ack: <2 hrs, Fix: <48 hrs): RCE, SQLi, Auth Bypass, Mass Data Leak
  • High (Ack: <6 hrs, Fix: <7 days): XSS, IDOR, Privilege Escalation
  • Medium (Ack: <24 hrs, Fix: <30 days): CSRF, Open Redirect, Info Disclosure
  • Low (Ack: <3 days, Fix: <60 days): Misconfigurations, Minor edge cases

⚖️ Safe Harbor & Legal

Good-Faith Research Protection

Aevum Encyclopedia grants explicit permission for security research conducted within the scope of this program. We will not pursue legal action against researchers who:

  • Report vulnerabilities responsibly through our official channels
  • Refrain from accessing, modifying, or exfiltrating user data
  • Do not perform destructive testing or cause service disruption
  • Keep findings confidential until patches are deployed

We reserve the right to revoke rewards or terminate participation if guidelines are violated. Questions about scope or legal boundaries? Contact security@aevumencyclopedia.com.

🔐 PGP Public Key

Encrypt your submission for maximum security. Fingerprint: A1B2 C3D4 E5F6 7890 AB12 CD34 EF56 7890 1234 5678


📝 Submit a Report

We'll use this to acknowledge and coordinate fixes. Keep it professional.

Avoid attaching sensitive user data. Use screenshots or logs only if necessary.

By submitting, you agree to our Responsible Disclosure Policy. Reports are encrypted in transit and reviewed by our security team.