SentriWatch

Vulnerability Disclosure Policy

SentriWatch welcomes responsible security research and coordinated disclosure.

How to Report

  • Email: sharperdrz400sm@gmail.com
  • Use subject: [Security Report]
  • Include affected endpoint/page, reproduction steps, and impact summary
  • Include screenshots, request/response samples, and timestamps when possible

Safe Harbor

  • Do not access, modify, or exfiltrate data that does not belong to you
  • Do not perform denial-of-service or availability-disrupting tests
  • Do not use social engineering, phishing, or physical intrusion techniques
  • Test only against accounts and assets you own or have explicit permission to test

Response Targets

  • Acknowledgment: within 1 business day
  • Triage decision: within 3 business days
  • Status updates: at least every 7 days until closure

Disclosure Process

  1. Receive report and confirm scope/impact
  2. Reproduce and assign severity
  3. Build and validate remediation
  4. Deploy fix and monitor for regression
  5. Coordinate public disclosure when appropriate

This policy is aligned with our Trust Center and the RFC 9116 security.txt contact method.