Please note that this program does not offer rewards for bug submissions as
CFP Time is just a small personal project.
This disclosure program is limited to assets in the scope found in the next section.
Scope is currently: https://www.cfptime.org __
Automated tools are tolerated for the moment as long as you do not cause network/service disruption for me or third-parties. Testing must not cause issues for other organisations such as hosting providers, network operators or ISPs.
Let me know of any potential vulnerabilities as soon as possible and I will
make every effort to resolve the issue quickly.
Share with me the full details of any vulnerability including steps to reproduce if applicable.
Provide me a reasonable amount of time to fix the issue before disclosure to the public or a third-party.
Try to avoid degradation of service, destruction of data or privacy violations.
I will make every effort to abide by HackerOne's disclosure guidelines: https://hackerone.com/disclosure-guidelines
While researching, please do not attempt the following:
Thank you shown at: https://hackerone.com/cfptime/thanks
Please note that this program does not provide monetary rewards for bug submissions.
Researchers who submit non-issues, false issues or purely opinion-based issues may not be thanked publicly.
Thank you for helping keep CFP Time safe and happy CFPing!
Contact us if you want more information.