Between The Hacks (BTH) is committed to creating a secure experience for all users and to supporting the security research community. If you discover a security vulnerability that affects any of our content, services, or infrastructure, we encourage you to report it responsibly.
This policy applies to:
Public-facing domains and subdomains operated by Between The Hacks (betweenthehacks.com, bth.news, ckd3.com)
Cloud-hosted services used for email, storefront, forms, or community interaction
Any content or resources hosted under the BTH brand
We welcome responsible disclosures sent to:
π§ Email: [email protected]
π Download our PGP Public Key
π Also available in our security.txt file
π§Ύ PGP Fingerprint: 5BFA 3CDA 4FD6 3C3A CD06 139B 7E37 62BE 76DB 56E9
Please include:
A clear description of the issue
Steps to reproduce (if applicable)
Any supporting material (e.g., proof-of-concept code or screenshots)
The affected URL, service, or component
We support anonymous submissions, but response times may vary if follow-up isnβt possible.
If your report adheres to this policy:
We will not pursue legal action against you
We will acknowledge receipt within 3 business days
We will investigate and resolve valid issues as quickly as possible
We will credit you publicly if you wish, once the issue is resolved
To stay within safe harbor, please do not:
Attempt denial-of-service (DoS or DDoS) attacks
Access, modify, or delete data that doesnβt belong to you
Use automated tools that may degrade service
Engage in phishing, social engineering, or physical security testing
Last updated: April 2025