Vulnerability Disclosure Policy

How to report security issues and share sensitive findings securely.

Scope & Expectations

Scope for testing and reporting.

Included

  • magrathean.uk and subdomains serving static content.
  • .well-known endpoints such as security.txt (RFC 9116) and health.json.

Excluded

  • Third-party platforms (Cloudflare, GitHub, etc.).
  • Social engineering, denial-of-service, or spam-focused testing.

Testing Guidelines

  • Respect privacy and avoid access to real data.
  • Use non-destructive techniques and low-volume testing.

Coordinated Disclosure Process

Concise, coordinated reporting.

  1. Send a summary to contact@magrathean.uk describing the impact and the steps to reproduce.
  2. Encrypt sensitive data using the PGP key on this page.
  3. Expect acknowledgement and updates through remediation.

Encryption & Sensitive Data

Encrypt sensitive details (proof-of-concept code, captured data, credentials) to the published public key; do not send them in plaintext.

Fingerprint Verification

  • Fingerprint: 9FC3 CD61 B4BD 8EAB 3AB0 9AF9 AB37 8BBC EEBD 1701.
  • Verify locally: import the key, run gpg --fingerprint contact@magrathean.uk, and confirm that every group of the printed fingerprint matches the one above before encrypting anything to it. A matching user ID or short key ID is not sufficient; only the full fingerprint is.
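
The check above, carried through as an added example (this is not tooling from the policy page or the site): it reads the fingerprint out of the downloaded key file before importing it, compares it to the published value, and only then imports the key and encrypts the report. The published fingerprint is the one on this page; the key and report file paths and the sample gpg listing embedded below are constructed for illustration, and the show-only import needs GnuPG 2.1 or later.

```python
"""Check a downloaded PGP key against the policy's fingerprint, then encrypt.

Added example; not the page's or the site's own tooling. PUBLISHED_FINGERPRINT
is the value the policy publishes. The key/report paths and the sample gpg
output below are constructed for illustration.
"""
import hmac
import re
import subprocess
from typing import Optional

# Fingerprint exactly as published on the policy page; the spaces are
# presentation only and are stripped before comparison.
PUBLISHED_FINGERPRINT = "9FC3 CD61 B4BD 8EAB 3AB0 9AF9 AB37 8BBC EEBD 1701"


def normalize_fingerprint(fpr: str) -> str:
    """Drop whitespace and colons and upper-case, so the spaced form on a
    web page and the compact form in gpg output compare equal."""
    return re.sub(r"[\s:]", "", fpr).upper()


def fingerprints_match(published: str, observed: str) -> bool:
    """True only for two full, equal-length, identical hex fingerprints.

    Short key IDs (8 or 16 hex digits) are rejected outright: they can be
    brute-forced to collide, so a match on a key ID proves nothing."""
    a = normalize_fingerprint(published)
    b = normalize_fingerprint(observed)
    if len(a) < 40 or len(a) != len(b) or not re.fullmatch(r"[0-9A-F]+", b):
        return False
    return hmac.compare_digest(a.encode(), b.encode())


def primary_fingerprint(colon_output: str) -> Optional[str]:
    """Pull the primary key's fingerprint out of `gpg --with-colons` output.

    Records are colon-separated. The first 'fpr' record after a 'pub' record
    carries the primary key fingerprint in field 10 (index 9); later 'fpr'
    records belong to subkeys and are ignored."""
    saw_pub = False
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            saw_pub = True
        elif fields[0] == "fpr" and saw_pub and len(fields) > 9:
            return fields[9]
    return None


def fingerprint_of_key_file(key_path: str) -> Optional[str]:
    """Read the fingerprint from an armored key file without importing it."""
    result = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--import-options", "show-only",
         "--import", key_path],
        capture_output=True, text=True, check=True)
    return primary_fingerprint(result.stdout)


def encrypt_report(key_path: str, report_path: str, out_path: str) -> None:
    """Import the key only after its fingerprint matches, then encrypt to it."""
    observed = fingerprint_of_key_file(key_path)
    if observed is None or not fingerprints_match(PUBLISHED_FINGERPRINT, observed):
        raise RuntimeError(
            f"fingerprint mismatch: key file has {observed!r}, policy publishes "
            f"{PUBLISHED_FINGERPRINT!r}; refusing to encrypt")
    subprocess.run(["gpg", "--batch", "--import", key_path], check=True)
    subprocess.run(
        ["gpg", "--batch", "--armor",
         # we verified the fingerprint ourselves, so skip the web-of-trust prompt
         "--trust-model", "always",
         # address the key by full fingerprint, never by user ID or key ID
         "--recipient", normalize_fingerprint(PUBLISHED_FINGERPRINT),
         "--output", out_path, "--encrypt", report_path],
        check=True)


# Constructed sample of `gpg --with-colons` output for a key whose primary
# fingerprint equals the published one; the uid hash and subkey are made up.
SAMPLE_COLON_OUTPUT = """\
pub:-:3072:1:AB378BBCEEBD1701:1700000000::-:::scESC::::::23::0:
fpr:::::::::9FC3CD61B4BD8EAB3AB09AF9AB378BBCEEBD1701:
uid:-::::1700000000::F0E1D2C3B4A5968778695A4B3C2D1E0F00112233::Magrathean Security <contact@magrathean.uk>::::::::::0:
sub:-:3072:1:0123456789ABCDEF:1700000000::-:::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
"""

if __name__ == "__main__":
    import sys
    # usage: python verify_and_encrypt.py magrathean.asc report.md report.md.asc
    encrypt_report(*sys.argv[1:4])
```

The order matters: the key file is inspected with a show-only import, so a mismatching key never enters the keyring, and the recipient is named by full fingerprint rather than by e-mail address, so a second key carrying the same user ID cannot be picked up by mistake.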

Data Handling

  • Shared data is deleted after remediation.
  • No data is forwarded without explicit approval.

Safe Harbor

Good-faith research within scope is permitted.

What Safe Harbor Covers

  • Testing limited to scope and respectful disclosure.
  • Deletion of any data accessed inadvertently.

What It Does Not Cover

  • Threats, extortion, or data leaks.
  • Activities violating applicable laws.