############################################################################### # # # HELLO, SECURITY RESEARCHERS! # # # ############################################################################### Please read this file before reporting a security issue to us! ############################################################################### # # # ABOUT US # # # ############################################################################### We're a small UK-based non-profit, entirely run and staffed by a team of unpaid volunteers, providing services at-cost - free or cheaply - to charities. WE ARE NOT EQUIPPED TO PAY BOUNTIES. We take security seriously and appreciate responsible disclosure. We'll try to fix any legitimate issues you report as quickly as possible. Please note that we're unable to respond to every email we receive, but we will always reply to valid, ACTIONABLE, security reports. Don't get a response? Then we probably filed your report as a duplicate or otherwise invalid. Sorry! ############################################################################### # # # LIMITATION OF SCOPE # # # ############################################################################### Please think twice before using automated tools to bulk-scan our site. We know how to use Metasploit et al, so you'll probably only find things we're already aware of. Also we actively detect and block obvious scanning patterns - you'll likely hit active firewall rules pretty quickly! Please restrict your exploration to the following domains: - www.3r.org.uk - beta.3r.org.uk - www.threerings.org.uk ############################################################################### # # # CONTACTING US # # # ############################################################################### Thanks for taking the time to read this file completely before getting in touch. You can email us on: security@threerings.org.uk