Responsible disclosure
Send suspected public-site security issues to the published contact channel with affected URL, reproduction steps, impact, and your contact details.
Security Disclosure
Security reporting should be clear, narrow, and responsible.
Security disclosure page for Stellar IT Support covering responsible reporting, prohibited testing, evidence handling, and public-site security posture.
No harmful testing
Do not perform denial-of-service, social engineering, credential attacks, destructive testing, data access attempts, or testing against third-party systems.
Minimal data
Reports should avoid including personal data or secrets. Provide enough evidence to reproduce and verify the issue safely.
Triage path
Valid reports are reviewed, prioritized by impact, and remediated with verification evidence.