Security Policy
Responsible disclosure and vulnerability reporting.
1. Report a Vulnerability
If you discover a security vulnerability on WarDek, we encourage you to report it responsibly.
Email: [email protected]
Encrypt your message with our PGP key if possible.
2. Response Times
- Acknowledgment: Within 48 business hours
- Initial assessment: Within 5 business days
- Fix: Within 90 days (depending on severity)
3. Scope
In scope:
- wardek.io and its subdomains
- WarDek public API (api.wardek.io)
- Web application and dashboard
Out of scope:
- Social engineering / phishing
- Denial of service attacks (DoS/DDoS)
- Vulnerabilities in third-party services
4. Disclosure Rules
- Do not access other users' data
- Do not perform destructive testing
- Give us a reasonable time to fix before public disclosure
- Act in good faith and in compliance with the law
5. Researcher Protection
We commit not to pursue legal action against security researchers who act in good faith, stay within the defined scope, and follow the responsible disclosure rules.
See also: .well-known/security.txt