EKSNEKS

Security & disclosure.

Effective date: 13 July 2026 Last updated: 13 July 2026 EDGENOVA LLC
DRAFT β€” pending legal counsel review before public reliance.

01Report a vulnerability

We welcome reports from security researchers. Send findings to [email protected] with the affected URL, reproduction steps, and any proof-of-concept. We reply within 3 business days and coordinate disclosure with you.

A machine-readable security.txt file is available at /.well-known/security.txt (RFC 9116).

02Safe-harbour policy

Good-faith security research is welcome. We will not pursue civil or criminal action against researchers who: (a) act within the scope defined below, (b) do not disrupt service, (c) do not access or exfiltrate customer data beyond the minimum needed to prove impact, and (d) give us reasonable time to fix the issue before public disclosure.

03Scope

In scope
  • eksneks.com, leader.eksneks.com, mail.eksneks.com (public web + API surfaces)
  • All /wp-json/eksneks/* REST endpoints
  • Public-facing infrastructure and DNS misconfigurations
Out of scope
  • Denial-of-service, resource-exhaustion or rate-limit brute force
  • Physical or social-engineering attacks against staff or contractors
  • Missing HTTP headers without demonstrated impact
  • SPF/DKIM/DMARC configuration for domains we do not administer
  • Third-party vendor issues (report directly to the vendor)

04Recognition

We maintain a hall of fame for researchers who report valid issues and follow this policy. Financial rewards are considered on a case-by-case basis for high-impact findings.

05PGP key

For sensitive reports, our PGP public key fingerprint is published at /.well-known/security.txt. Encrypt your report to that key before sending.