Security
Advisory
We value the work of security researchers. This policy outlines our commitment to responsible research and provides a framework for ethical disclosure.
Program Guidelines
We do not operate a paid Bug Bounty program. However, we are committed to acknowledging valid contributions and ensuring that research is conducted under Safe Harbor protections.
Researchers Must
- Act in good faith throughout your research
- Perform only non-invasive testing necessary to identify the issue
- Provide a clear description and steps to reproduce
- Allow reasonable time for remediation before any public disclosure
Researchers Must Not
- Exploit the vulnerability or access/modify/exfiltrate data
- Disrupt services or engage in DDoS/degradation
- Perform social engineering or physical security attacks
- Bypass security controls or perform intrusive testing
The Approach
Simplicity
Reducing complexity to minimize the attack surface.
Managed Services
Leveraging cloud-native security and automated patching.
Identity First
Zero-trust principles applied to every interaction.
Core Principles
Input Validation
Treating all external data as hostile until proven otherwise.
Minimal Exposure
Closing every port and service that isn't mission-critical.
Design for Failure
Ensuring layered defense when a single control fails.
Safe Harbor Commitment
Joshua Olds is committed to ensuring the safety and security of our users and systems. If you conduct your security research and disclosure in accordance with these guidelines, we will consider your research to be authorized. This policy applies strictly to systems operated and controlled by Joshua Olds.
Submission Channel
Direct Disclosure
security@joshuaolds.com