Vulnerability Disclosure

The null community encourages security researchers to responsibly disclose security vulnerabilities affecting any null community portal or infrastructure.

  • Please send your vulnerability reports to security [at] null [dot] co [dot] in
  • Researchers reporting valid vulnerabilities will be credited in the Hall of Fame
  • null is a non-profit open security community. We DO NOT offer any monetary reward for reporting security vulnerabilities

General guidelines for reporting vulnerabilities

  • Must have a demonstrable security impact for the null community
  • Provide technical details with screenshots where applicable
  • Provide the name/nick/handle you want quoted for credit on the Hall of Fame page

Hall of Fame Exceptions (not eligible for Hall of Fame listing)

  1. Mixed content warning
    There is an active issue in the swachalit issue log: https://github.com/null-open-security-community/swachalit/issues/99
    Please feel free to add a list of URLs to it if you spot any, and we will work on fixing it holistically as we can.

  2. Logout CSRF
    We do not consider this a bug, in line with Google: https://bughunters.google.com/learn/invalid-reports/web-platform/csrf-clickjacking/5072689380982784/csrf-in-the-logout-handler
    If you are seriously interested in helping us fix this bug, feel free to send a pull request: https://github.com/null-open-security-community/swachalit

Last edited: 2022-07-02 14:32:55 +0530