A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:security@buape.com
Expires: 2027-01-01T18:00:00.000Z


The Buape Studios LLC Terms of Service, found [here](https://www.buape.com/terms), apply in all usage of our services, including but not limited to the use of our Vulnerability Disclosure Program and all security related communications and disclosures. 
Please do not attempt to exploit any vulnerabilities you find beyond what is necessary to demonstrate the issue. Any attempts to exploit vulnerabilities beyond this may result in legal action.

To report a security issue, please email security@buape.com with a full report of the issue you have found, including where you found it and steps to reproduce, in the body of that email.
Once you do, you will receive an email back with steps to proceed from there through our Vulnerability Disclosure Program.
This project follows a 30 day disclosure timeline, and will begin triaging within 24 hours of your report.
Note: We do not currently offer a bug bounty program.