Responsible Disclosure Policy

Purpose

We welcome reports of security vulnerabilities so we can protect users and improve the security of our website and services.

Scope

In scope:

• lauraotto.nl and its pages
• API endpoints we operate (e.g. contact form, waitlist)

Out of scope:

• Third-party services we do not control
• Social engineering of our staff or visitors
• Physical attacks

Rules of engagement

Please:

• act in good faith and avoid privacy violations, data destruction, and service disruption;
• do not access or modify data that is not your own;
• do not use automated scanning at a rate that could degrade service;
• provide enough detail to reproduce and verify the issue.

What to include in a report

• affected product/page and environment
• steps to reproduce
• expected vs actual result
• proof-of-concept (if safe)
• impact assessment
• any suggested remediation

How to report

Send reports to: lauraottosolutions@gmail.com

If you need to send sensitive material, request our PGP key first.

Our commitments

• We will acknowledge receipt within 5 business days.
• We will triage and validate reports as quickly as possible.
• We will keep you informed on progress where appropriate.
• We will credit you publicly if you request it (optional).

Safe harbor

If you follow this policy, we will not pursue legal action against you for your research. This does not grant permission to act outside applicable law or this policy.

← Back to portfolio