A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:contact@blvnkcanvas.com
Contact: https://blvnkcanvas.com/contact
Expires: 2026-08-01T00:00:00.000Z
Encryption: https://blvnkcanvas.com/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://blvnkcanvas.com/.well-known/security.txt
Policy: https://blvnkcanvas.com/security-policy
Acknowledgments: https://blvnkcanvas.com/security-thanks

# BLVNK CANVAS Security Policy
# 
# We welcome security researchers to report vulnerabilities responsibly.
# 
# SCOPE:
# - blvnkcanvas.com (main website)
# - medusa.blvnkcanvas.com (API backend)
# - All subdomains of blvnkcanvas.com
#
# OUT OF SCOPE:
# - Third-party services (Stripe, email providers)
# - Social engineering attacks
# - Physical security
# - Denial of service attacks
#
# REWARD:
# - Public acknowledgment on our security page
# - Direct communication with our development team
# - Potential bug bounty rewards for critical vulnerabilities
#
# RESPONSE TIME:
# - Initial response: 24-48 hours
# - Status updates: Weekly
# - Fix timeline: Based on severity (Critical: 7 days, High: 30 days)
#
# Please provide:
# - Detailed description of the vulnerability
# - Steps to reproduce
# - Potential impact assessment
# - Proof of concept (if applicable)
#
# Thank you for helping keep BLVNK CANVAS secure!