Main Menu

Report a security concern

Found a security issue? We appreciate your help in keeping e4usa secure! Please fill out the form below or send your report to security@e4usa.org with as much detail as possible about what you found and how to reproduce it. For sensitive information, we encourage using our PGP key (available at https://e4usa.org/.well-known/pgp-key.txt) to encrypt your message.

We're proud to adhere to the security.txt standard – our security.txt file can be found at https://e4usa.org/.well-known/security.txt and its signature at https://e4usa.org/.well-known/security.txt.sig.

We'll acknowledge your report within 24 hours and keep you updated as we look into it. Thank you for helping protect our community!

Scope

We're particularly interested in vulnerabilities that could affect:

  • The security or privacy of our users' data.
  • The integrity of our educational content and resources.
  • Authentication and authorization systems.
  • Our web applications and infrastructure.

Please note that certain testing activities are not permitted:

  • Denial of service attacks.
  • Physical or social engineering attempts.
  • Testing of third-party applications or services we use.
  • Automated scanning tools that could impact site performance.

Safe Harbor

We follow a responsible disclosure process and will not take legal action against security researchers who:

  • Make good faith efforts to avoid privacy violations, data. destruction, and service interruption.
  • Only access data necessary to demonstrate the vulnerability.
  • Do not share discovered vulnerabilities with others before we've had a chance to address them.
  • Follow our reporting guidelines and give us reasonable time to respond.

Please note that while we greatly value security research and contributions from the security community, as a small nonprofit, we do not currently offer a bug bounty program. We do commit to:

  • Acknowledging researchers who help improve our security.
  • Keeping researchers informed about the progress of their reports.
  • Working to fix verified vulnerabilities in a timely manner.
  • Giving credit (if desired) when we fix reported issues.

When Reporting

Please include:

  1. A clear description of the vulnerability.
  2. Steps to reproduce the issue.
  3. Potential impact of the vulnerability.
  4. Any ideas you have for mitigating the issue.
  5. Your contact information for follow-up communications.

We aim to respond to initial reports within 24 hours and will provide regular updates as we investigate and address reported vulnerabilities.

Back to Top