Security
Responsible disclosure policy for Kunj - Senior Security Engineer.
Reporting a vulnerability
If you discover a security issue in this site or its source, please report it privately. Do not open a public issue for security vulnerabilities.
- Email: [email protected]
- Or open a private advisory: GitHub Security Advisories
Please include:
- A description of the issue and its impact
- Steps to reproduce (proof-of-concept if possible)
- Affected URL(s), component, or commit
You can expect an initial acknowledgement within 5 business days. Valid reports are triaged and addressed as quickly as is practical, and I'm happy to credit reporters who request it.
Scope
This site is a personal portfolio and blog. In-scope concerns include cross-site scripting, content injection, security-header misconfiguration, dependency vulnerabilities, and information disclosure. Denial-of-service testing against the live site is out of scope.
Supported versions
Only the latest deployed version of the main branch is supported.
Machine-readable contact details are published at /.well-known/security.txt (RFC 9116). The canonical policy source lives in SECURITY.md.