Security
We take the security of our readers, volunteers, and infrastructure seriously.
Reporting a vulnerability
If you discover a security issue affecting obbytimes.com or our systems, please report it responsibly.
Email: [email protected]
PGP: Available on request for sensitive reports.
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information (optional)
We aim to acknowledge reports within 48 hours and provide a status update within seven business days.
Scope
In scope:
- obbytimes.com and subdomains
- Our GitHub repositories (public)
- Email infrastructure used by @obbytimes.com addresses
Out of scope:
- Third-party services we link to but do not operate
- Social engineering against individual volunteers
- Denial-of-service attacks
Safe harbor
We will not pursue legal action against researchers who:
- Act in good faith
- Avoid privacy violations and data destruction
- Give us reasonable time to remediate before public disclosure
Data protection
We do not collect reader data through our website. We use encrypted connections and standard hosting practices to keep the site available and secure. See our Privacy Policy for details.
Security updates
Material security incidents affecting the site or email we hold will be disclosed on this page and via our status page.