Security Policy
Last updated: March 31, 2026
Vulnerability Reporting
SecurePride takes security vulnerabilities seriously. If you discover a security vulnerability, please report it responsibly to security@securepride.org rather than disclosing it publicly.
Note: This is a template security policy. You must customize this document to reflect SecurePride's actual security practices, including specific vulnerability disclosure procedures, response timelines, and any bug bounty program details. Consult with your security team to ensure this policy aligns with your organization's practices.
Responsible Disclosure
When reporting a vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Your contact information for follow-up
We commit to acknowledging your report within 48 hours and providing a timeline for resolution.
Scope
This security policy covers all SecurePride systems, including but not limited to:
- securepride.org website and subdomains
- SecurePride platform infrastructure
- Official SecurePride applications
Out of Scope
The following are explicitly out of scope for vulnerability reports:
- Third-party services and platforms
- Social engineering attacks
- Attacks requiring physical access
- Vulnerabilities in dependencies without a clear SecurePride impact
Bug Bounty Program
SecurePride values the contributions of security researchers. While we do not currently offer a formal bug bounty program, we recognize and credit all responsible vulnerability disclosures. Researchers who discover and responsibly report vulnerabilities may be acknowledged in our Hall of Honor.
Security Contact
For all security matters, contact:
Email: security@securepride.org