Security and Responsible Disclosure
If you identify a vulnerability or security issue, report it privately so it can be triaged, reproduced, and remediated without exposing users or infrastructure.
Reporting channel
Send details to:
pablo@centraldecomunicacion.es
Include the subject tag [Security] to prioritize review.
Recommended report details
- Affected URL(s) and a clear description of the observed behavior.
- Steps to reproduce.
- Potential impact (confidentiality, integrity, or availability).
- Relevant evidence (screenshots, logs, or controlled proof of concept).
Safe testing rules
Do not run tests that degrade service availability (for example, denial-of-service activity). If broader validation is needed, contact us first to coordinate a safe testing window.
Reports are prioritized by severity, exploitability, and real user impact.
Disclosure workflow
- Acknowledgment target: within 3 business days.
- Initial severity assessment: usually within 7 business days.
- Mitigation or fix window: prioritized by risk and technical complexity.
- Coordinated disclosure: publish details only after remediation is deployed.
Data handling and scope
Include only the minimum evidence required to validate the issue. Do not share credentials, personal data, or third-party confidential information in your report.
This process currently does not include a paid bug bounty. Verified reports still help improve reliability, indexability, and user safety across the public website.