Responsible disclosure

Security

Security reporting guidance for BinderPlug vulnerabilities and sensitive technical issues.

Contact

Where to report

Send vulnerability reports to [email protected]. This route is for security issues, not ordinary support, deletion requests, trade disputes, or bug reports.

In scope

What belongs here

  • Account takeover paths.
  • Authentication or authorization bypass.
  • Data exposure.
  • Injection, rate-limit bypass, or abuse paths.
  • Dependency vulnerabilities with a BinderPlug impact.

Ground rules

Boundaries

BinderPlug does not currently offer a bug bounty, reward program, or formal safe-harbor commitment. Do not test against real user accounts or production data.