πŸ›‘οΈ Security Vulnerability Disclosure Policy

Between The Hacks (BTH) is committed to creating a secure experience for all users and to supporting the security research community. If you discover a security vulnerability that affects any of our content, services, or infrastructure, we encourage you to report it responsibly.

πŸ“Œ Scope

This policy applies to:

  • Public-facing domains and subdomains operated by Between The Hacks (betweenthehacks.com, bth.news, ckd3.com)

  • Cloud-hosted services used for email, storefront, forms, or community interaction

  • Any content or resources hosted under the BTH brand

πŸ” How to Submit a Report

We welcome responsible disclosures sent to:

πŸ“§ Email: [email protected]

πŸ” Download our PGP Public Key

πŸ” Also available in our security.txt file

🧾 PGP Fingerprint: 5BFA 3CDA 4FD6 3C3A CD06 139B 7E37 62BE 76DB 56E9

Please include:

  • A clear description of the issue

  • Steps to reproduce (if applicable)

  • Any supporting material (e.g., proof-of-concept code or screenshots)

  • The affected URL, service, or component

We support anonymous submissions, but response times may vary if follow-up isn’t possible.

🀝 Our Commitment

If your report adheres to this policy:

  • We will not pursue legal action against you

  • We will acknowledge receipt within 3 business days

  • We will investigate and resolve valid issues as quickly as possible

  • We will credit you publicly if you wish, once the issue is resolved

❌ Rules of Engagement

To stay within safe harbor, please do not:

  • Attempt denial-of-service (DoS or DDoS) attacks

  • Access, modify, or delete data that doesn’t belong to you

  • Use automated tools that may degrade service

  • Engage in phishing, social engineering, or physical security testing

Last updated: April 2025

Canonical: https://www.betweenthehacks.com/security-policy