Responsible Disclosure

This policy is intended to give guidance for submitting potential security issues (vulnerabilities) discovered on Red Letter Days website.

Following the responsible disclosure process allows us to take appropriate steps to address any vulnerabilities, thereby protecting our customers and systems.

The scope of this policy includes: *.redletterdays.co.uk

If you have identified a vulnerability that you wish to disclose, we ask that you:

• Email security@redletterdays.com with a detailed summary, including the type of vulnerability, how you can exploit it and what the impact is.
• Don't access unnecessary, excessive or significant amounts of data.
• Only use your own accounts to demonstrate impact. Don't target any of our customers’ accounts.
• Please do not discuss or post vulnerabilities without our consent (including blog posts, PoC's on YouTube and Vimeo).
• Don’t run any automated tools against our website or APIs (examples include, but are not limited to, Nikto, Burp scanner, Nessus, etc).
• Don’t target our physical security, perform any social engineering, denial of service, spam or target applications of third parties, or otherwise break any laws.

What you can expect from us:

• We'll respond to you within 5 working days acknowledging your report.
• We'll keep you up-to-date as we investigate and address your report.