EKSNEKS

Sécurité et divulgation.

Date d’effet : 13 July 2026 Dernière mise à jour : 13 July 2026 EDGENOVA LLC
BROUILLON — en attente de validation juridique avant utilisation publique.

01Signaler une vulnérabilité

We welcome reports from security researchers. Send findings to [email protected] with the affected URL, reproduction steps, and any proof-of-concept. We reply within 3 business days and coordinate disclosure with you.

A machine-readable security.txt file is available at /.well-known/security.txt (RFC 9116).

02Politique de sphère de sécurité

Good-faith security research is welcome. We will not pursue civil or criminal action against researchers who: (a) act within the scope defined below, (b) do not disrupt service, (c) do not access or exfiltrate customer data beyond the minimum needed to prove impact, and (d) give us reasonable time to fix the issue before public disclosure.

03Périmètre

Dans le périmètre
  • eksneks.com, leader.eksneks.com, mail.eksneks.com (public web + API surfaces)
  • All /wp-json/eksneks/* REST endpoints
  • Public-facing infrastructure and DNS misconfigurations
Hors périmètre
  • Denial-of-service, resource-exhaustion or rate-limit brute force
  • Physical or social-engineering attacks against staff or contractors
  • Missing HTTP headers without demonstrated impact
  • SPF/DKIM/DMARC configuration for domains we do not administer
  • Third-party vendor issues (report directly to the vendor)

04Reconnaissance

We maintain a hall of fame for researchers who report valid issues and follow this policy. Financial rewards are considered on a case-by-case basis for high-impact findings.

05Clé PGP

For sensitive reports, our PGP public key fingerprint is published at /.well-known/security.txt. Encrypt your report to that key before sending.