myuuid.shop

Security

myuuid.shop welcomes reports of vulnerabilities affecting our service. This page describes how to report an issue and what to expect in response.

Reporting a vulnerability

Email security@myuuid.shop with a description of the issue, reproduction steps, and any supporting material. Please do not disclose the issue publicly until we have had a reasonable opportunity to investigate and remediate.

What we commit to

  • Acknowledge receipt within two business days.
  • Provide an initial assessment within five business days.
  • Keep you informed of remediation progress.
  • Credit you in any public disclosure, if you wish to be named.

Scope

In scope:

  • The myuuid.shop web application.
  • The api.myuuid.shop API and authentication surface.
  • Quota enforcement, key handling, and verification correctness.

Out of scope:

  • Volumetric or denial-of-service testing.
  • Third-party services we depend on (please report directly to those vendors).
  • Reports based solely on automated scanner output without a demonstrated impact.

Safe harbor

If you make a good-faith effort to comply with this policy during your research, we will consider your activity to be authorized and will not pursue legal action against you for it.