Security Policy

Introduction

The owner of cruicky.uk will gladly accept notification of security issues. Please read the following guide first before searching for or reporting issues.

Scope

The following IP addresses are within scope:

Any device with an IPv4 address within the /28 range of the IPv4 address of this web server
Any device with an IPv6 address within the /48 range of the IPv6 address of this web server

The following services are within scope:

Any service with an open TCP or UDP port within the IP address ranges listed above
The cruicky.uk forward DNS zone
The reverse DNS zones which serve the IP address ranges listed above

Automated Scanning

Whilst automated scanning is PERMITTED, please interpret the results of your scanning activity to ensure a potential issue is being reported. Copy and paste from scanning tools without any explanation is frowned upon. Additionally, please do NOT:

Use excessive amounts of bandwidth, ideally keeping below 1Mbit/sec
Use any aggressive scanning techniques, such as attempting to brute force the IPv6 address space

Reporting Issues

Please use the email address and encryption public key listed in the security.txt file on this web server in the well known location.

Bounties

It is highly unlikely that any bounties will be awarded for any security issues that are reported and confirmed, as this is a personal domain with no commercial element. In exceptional circumstances, if a high impact issue is reported and confirmed, whilst not guaranteed, a bounty may be awarded. The final decision to award a bounty rests with the owner of cruicky.uk.

Last updated: 13/12/2019

World IPv6 Day Cruicky.uk Banner

This page does not set any cookies.