KFC

Please rotate your device

We don't support landscape mode yet. Please go back to portrait mode for best experience

Responsible Disclosure Policy:

This page is for security researchers interested in reporting application security vulnerabilities.

If you have reported an issue determined to be within program scope, is determined to be a valid security issue, and you have followed program guidelines, ResponsibleDisclosure.com will recognize your finding and you will be allowed to disclose the vulnerability after a fix has been issued. Please refer all questions to ResponsibleDisclosure.com portal.

Typical Vulnerabilities Accepted:

  • OWASP Top 10 vulnerability categories
  • Infrastructure vulnerabilities
  • Other vulnerabilities with demonstrated impact

Typical Out of Scope:

  • Theoretical vulnerabilities
  • Informational disclosure of non-sensitive data
  • Low impact session management issues
  • Self XSS (user defined payload)

For a full list of program scope please visit the Responsible Disclosure details page.

Responsible Disclosure Guidelines:

  • Adhere to all legal terms and conditions outlined at responsibledisclosure.com
  • Work directly with ResponsibleDisclosure.com on vulnerability submissions
  • Provide detailed description of a proof of concept to detail reproduction of vulnerabilities
  • Do not engage in disruptive testing like DOS or any action that could impact the confidentiality, integrity or availability of information and systems
  • Do not engage in social engineering or phishing of customers or employees
  • Do not request compensation for time and materials or vulnerabilities discovered
Our website is designed to work in portrait mode.
Kindly rotate your device.