At Digitoimisto Dude, we offer hosting and upkeep for our clients. Most of them lack comprehensive knowledge of security or privacy issues. That’s why we ask you to report security issues directly to us.
After receiving a disclosure, we will inform all affected customers, including all the necessary details. If the disclosed issue is severe or the reporter asks us, we’ll ensure that the client acknowledges receipt of the information directly to the reporter.
To protect our customers, we request that you do not publicly post or share any information about disclosed issues until we have researched, responded to, and addressed the reported issue and informed customers.
The following are not eligible for security reports, as we’ve taken other precautions to mitigate the possible problems:
- Open REST API /users/ endpoint
- Open author archives (user enumeration)
- Sites under subdomains that are not under our control or servers
- Public archived GitHub repositories
- Reveal.js-based or any other repositories for presentations
- The lack of visible rate limits on forms