// Security
Responsible Disclosure
Last updated: March 2026 · Version 1.0
NixSec Labs is a security firm. We take the security of our own infrastructure seriously and support the security research community. If you have discovered a vulnerability in our systems or website, we want to know about it.
// 01 — How to Report
Please send vulnerability reports to:
Encrypt sensitive reports using our PGP key, available on request. Include a clear description of the vulnerability, steps to reproduce, and any proof-of-concept material.
// 02 — In Scope
- nixsec.se and subdomains
- Client-facing web properties operated by NixSec Labs
- API endpoints associated with NixSec services
// 03 — Out of Scope
- Denial of service attacks
- Social engineering of NixSec personnel
- Physical security testing of NixSec facilities
- Automated scanning without prior agreement
- Third-party services not under NixSec Labs' control
// 04 — Our Commitments
If you report a valid vulnerability in good faith, we commit to:
- Acknowledge receipt of your report within 72 hours
- Provide a remediation timeline within 14 days
- Not pursue legal action against you for good-faith research within scope
- Credit you in our acknowledgements (if you wish)
// 05 — What We Ask of You
- Do not access, modify, or delete data that is not yours
- Do not disclose the vulnerability publicly before we have remediated it (90-day coordinated disclosure)
- Do not use the vulnerability to affect third parties
- Act in good faith throughout
// 06 — Acknowledgements
Researchers who responsibly disclose valid vulnerabilities will be credited on this page (with permission). We currently have no public credits to list.