Responsible Disclosure Policy
At WhatIsMyIPAddress.com, we take the security of our systems and the privacy of our users very seriously. We are committed to working collaboratively with the security community to identify and resolve vulnerabilities in our systems. This Responsible Disclosure Policy outlines the process by which security researchers and individuals can report security issues to us in a responsible and ethical manner.
We believe that responsible disclosure of vulnerabilities helps to improve the security of our products and services and ensures a safer experience for all users.
We define a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity or availability of our services.
Our Compact with Researchers
- Trust: We prioritize trust and confidentiality in our interactions with security researchers. We ask that you report potential vulnerabilities responsibly, ensuring that you provide sufficient time and relevant information for our team to validate and address the issue.
- Respect: We value the expertise of security researchers and appreciate your efforts in helping us keep our users secure. During your testing, we ask that you take care to avoid privacy violations, disruptions to our production systems, degradation of the user experience, or any loss of data.
- Transparency: We are committed to working with you to verify and resolve any vulnerabilities you report, in line with our focus on security and privacy. Please provide the necessary technical details and context to help our team understand and address the issue effectively.
- Common Good: We handle reported vulnerabilities with the goal of safeguarding the security and privacy of all potentially affected individuals. We ask that you refrain from public disclosure until we have had adequate time to investigate and remediate the issue.
How to Report a Suspected Vulnerability
We ask that security researchers share the details of any suspected vulnerabilities via email to [email protected]. Our team will acknowledge receipt of each vulnerability report within 2 business days, conduct a thorough investigation, and then take appropriate action. At a minimum, please include the following information with your initial submission:
- Vulnerability classification (Critical/High/Medium/Low)
- Short description
- Steps to reproduce (please be as detailed as possible; include screenshots if applicable)
- Asset/URL
- Date and time of your testing
We value the research community. Contributions from researchers like you can help protect the privacy and security of services. WhatIsMyIPAddress.com does not offer a bounty program or provide compensation in exchange for security vulnerability submissions.