Responsible Disclosure
Help us keep LatinaCon safe by reporting security vulnerabilities responsibly.
Scope
This policy covers the LatinaCon web application (latinacon.com), including authentication, payment processing, user data handling, and APIs. We welcome reports about vulnerabilities that could compromise user data, bypass authentication, or affect the integrity of our platform.
Safe Harbor
We will not take legal action against researchers who discover and report vulnerabilities in good faith, following the guidelines below. We consider security research conducted under this policy to be authorized and will work with you to understand and resolve issues quickly.
Guidelines
- Do not disrupt services, degrade performance, or destroy data.
- Do not access, modify, or delete data belonging to other users.
- Do not use social engineering, phishing, or physical attacks against our staff or users.
- Report vulnerabilities as soon as possible after discovery.
- Allow reasonable time for us to address the issue before public disclosure.
Out of Scope
- Denial of service (DoS/DDoS) attacks.
- Social engineering attacks against staff or users.
- Physical attacks against our offices or data centers.
- Vulnerabilities in third-party services or libraries (report those to the respective vendor).
- Spam or SEO injection issues.
Report a Vulnerability
Use the form below to submit your report. We aim to acknowledge reports within 3 business days and provide an initial assessment within 10 business days.