Trust
Vulnerability disclosure
If you find a security problem in Tender Gazette, tell us at security@tendergazette.com. Include enough detail to reproduce it. Machine-readable details live at /.well-known/security.txt.
What we promise
- Acknowledgement within 3 working days, and updates until it's resolved.
- Good-faith research is safe here: report responsibly, give us reasonable time to fix, and we will not pursue legal action.
- Credit in our corrections/security log if you want it, anonymity if you don't.
Out of scope
- Denial of service and volumetric testing.
- Social engineering of our staff or suppliers.
- Automated scanner output with no demonstrated impact.