Security Policy

Last Updated: November 18, 2025

This security policy outlines how security vulnerabilities should be reported for jimididit.com and related services.

Reporting Security Vulnerabilities

I take the security of jimididit.com seriously. If you discover a security vulnerability, I appreciate your help in disclosing it to me in a responsible manner.

Please report security vulnerabilities by emailing:

You can also reference the security.txt file for the most up-to-date contact information.

What to Include in Your Report

To help me understand and address the vulnerability quickly, please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any proof-of-concept code or screenshots (if applicable)
  • Your contact information (optional, but helpful for follow-up questions)

Response Timeline

I will make every effort to:

  • Acknowledge receipt of your report within 48 hours
  • Provide an initial assessment within 7 days
  • Keep you informed of the progress toward resolution
  • Notify you when the vulnerability has been addressed

Please note that, as this is a personal project, response times may vary depending on the severity and complexity of the issue.

Scope

In Scope

  • jimididit.com website and its subdomains
  • API endpoints (e.g., /api/*)
  • Authentication and authorization mechanisms
  • Data exposure vulnerabilities
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • Server-side request forgery (SSRF)
  • Remote code execution

Out of Scope

  • Social engineering attacks
  • Physical security issues
  • Denial of service (DoS/DDoS) attacks
  • Spam or phishing attempts
  • Issues requiring physical access to devices
  • Vulnerabilities in third-party services or dependencies (please report to the vendor)
  • Issues related to email security (SPF, DKIM, DMARC) unless they directly impact the website
  • Content spoofing or text injection issues without security impact
  • Missing security headers that don't directly lead to a vulnerability
  • Self-XSS (user attacking themselves)
  • Clickjacking on pages without sensitive actions

Safe Harbor

I support responsible disclosure. If you act in good faith and follow this security policy:

  • I will not pursue legal action against you
  • I will work with you to understand and resolve the issue quickly
  • I will recognize your contribution (if you wish) after the vulnerability is resolved

However, the following activities are prohibited:

  • Accessing or modifying data that does not belong to you
  • Performing any actions that could harm the service or its users
  • Disclosing the vulnerability publicly before it has been resolved
  • Using automated scanners that generate significant traffic
  • Violating any laws or breaching any agreements

Recognition

With your permission, I would be happy to recognize your contribution to the security of jimididit.com. This may include:

  • Listing your name (or handle) on an acknowledgments page
  • Mentioning your contribution in security-related communications
  • Crediting you in any security advisories related to your finding

Recognition is entirely optional and at your discretion. You can choose to remain anonymous if you prefer.

Questions

If you have questions about this security policy or need clarification on whether something is in scope, please don't hesitate to reach out at security@jimididit.com.