Responsible disclosure
Security matters here.
If you believe you have found a security issue involving Trophonios, please report it privately and provide enough detail to reproduce it.
How to report an issue
Email security@trophonios.com with the affected hostname or URL, a clear description, reproduction steps, and the likely impact. Avoid including secrets or personal data unless they are essential to the report.
The machine-readable disclosure record is available at /.well-known/security.txt.
Good-faith guidelines
- Do not access, modify, retain, or disclose another person’s data.
- Do not use denial-of-service, social engineering, spam, or automated destructive testing.
- Stop testing when you confirm a vulnerability and report it promptly.
- Allow reasonable time for investigation and remediation before public disclosure.
Scope and expectations
Only systems under the trophonios.com domain are in scope. Third-party services, upstream software, and availability-only findings are outside this policy. This is a small, privately operated environment, so no bug bounty or monetary reward is offered.