Introduction

This Vulnerability Disclosure Policy applies to any vulnerabilities you are considering reporting related to return-path.dk. We recommend reading this policy fully before proceeding to report a vulnerability and always acting in compliance with it.

Note: This is a private system. Unauthorized access to this system is strictly prohibited and considered unlawful.

Reporting Guidelines

What to Report

• How you discovered the vulnerability
• A detailed description of the vulnerability
• Steps for reproducing the vulnerability
• The affected component(s) or system(s)

How to Report

Report vulnerabilities by sending an email to [Your Secure Email Address specific to return-path.dk].

Encryption

For secure communication, please use our PGP key, which can be found here.

Scope

• return-path.dk
• xs4none.net
• xdisclosure.net
• infiniteme.dk
• dotm.dk

Safe Harbor

To encourage vulnerability reporting, we commit that we will not take legal action against you in relation to your report provided you fully comply with this policy.

What We Will Do

Upon receiving your vulnerability report, we commit to:

• Acknowledge your report within [time-frame]
• Investigate and attempt to reproduce the issue
• Keep you informed about our progress
• Correct the issue as quickly as possible depending on severity and complexity
• Optionally, publicly acknowledge your responsible disclosure (if you agree)