Responsible Disclosure

Guidelines for responsibly reporting potential vulnerabilities.

Effective date2026-02-25
Last updated2026-02-25
Version1.2.0

How to Report

Report suspected vulnerabilities to security@kettlelogic.example and include affected URLs, reproduction steps, impact, and any proof-of-concept details.

Testing Expectations

Only perform non-destructive testing. Do not access another user’s data, degrade service availability, or use social engineering or physical intrusion methods.

Disclosure Process

Kettle Logic will acknowledge receipt, investigate, and coordinate remediation timelines. Public disclosure should wait until fixes are deployed or approved.

Safe Harbor

Kettle Logic will not pursue legal action for good-faith research performed under this policy and applicable law. Researchers must promptly stop activity upon request.

PGP Key Placeholder

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: Placeholder Comment: Replace with production key mQENBGPLACEHOLDERBCAD... -----END PGP PUBLIC KEY BLOCK-----

Change log

2026-02-25 - Added disclosure workflow and non-destructive testing expectations.
2026-02-22 - Added PGP placeholder block and safe harbor text.