Security

Security Overview

Documents covering security practices, vulnerability disclosure, incident response, and status / availability.

• security-practices — Security practices

• vulnerability-disclosure — Vulnerability disclosure

• incident-response — Incident response

• status-availability — Status / availability

• bug-bounty — Bug bounty

This page explains how Atalie receives and handles security reports.

Reporting channels

• Email: security@atalie.net

• Policy: vulnerability-disclosure — Vulnerability disclosure

• Encryption / keys: vulnerability-disclosure — Vulnerability disclosure (see the encryption / PGP section on that page)

What to include

• Affected URLs or components

• Steps to reproduce

• Expected impact

• Any time sensitivity

Clear reports reduce back-and-forth and speed up response.

Scope

The primary focus is public web assets and configuration where issues would materially affect confidentiality, integrity, or availability.

Out of scope without prior agreement:

• Load or denial-of-service testing

• Social engineering

• Vulnerabilities in unrelated third-party services