Vijit Dua

Security policy

TL;DR

  • Security research is welcome on any app or site I run or publish.
  • If the code is not public, use the app, the APIs, and whatever else you can reach.
  • For open source repos on /open-source, feel free to audit the code. That is what it is there for.
  • Identifying and reporting vulnerabilities is permitted; exploiting them is not, and may result in legal action.
  • For serious issues (accounts, data, production), contact /support or [email protected] before posting publicly.
  • Wait until it is fixed before sharing details.
  • A normal bug (broken button, typo) is not a security issue — use in-app feedback, /support, or /open-source/contributing.

What this covers

Security research is welcome on anything I ship.

  • This site, and any app or service I run or publish.
  • Closed source: use the product, hit the APIs, explore what is available to you.
  • Open source (repos on /open-source): read the code. Use that to your advantage.

Discovery vs exploitation

Identifying and reporting vulnerabilities is permitted. Exploiting them is not. Causing service disruption, accessing or exfiltrating data without authorization, or otherwise acting on a vulnerability against users or systems crosses into exploitation and may result in legal action.

If it is serious

Accounts, data, or production at risk — reach out privately first.

  • Contact /support or [email protected] with enough detail that I can reproduce it.
  • Do not post exploit steps, tokens, or user data in public.
  • Give me time to fix it before you go public.

Not security

Credit

Helpful reports sometimes get a mention on /contributions. No bounties yet — just thanks when it is deserved.