The Bucky Box Responsible Disclosure Policy

Please email to report any security vulnerabilities. We will acknowledge receipt of your vulnerability report and strive to send you regular updates about our progress. If you're curious about the status of your disclosure please feel free to email us again. If you want to encrypt your disclosure email please email us to ask for our PGP key.

Please refrain from requesting compensation for reporting vulnerabilities. If you want we will publicly acknowledge your responsible disclosure. We also try to make the confidential issue public after the vulnerability is announced.

You are not allowed to search for vulnerabilities on itself. Bucky Box is open-source software, you can install a copy yourself and test against that. If you want to perform testing without setting up Bucky Box yourself, please contact us to arrange access to a staging server.