Security & Disclosure Policy
I value the work of the security research community. If you have discovered a vulnerability in one of my applications or infrastructure, please report it responsibly so we can protect users together.
Responsible Disclosure Guidelines
To encourage responsible reporting, I ask that you follow these ground rules:
- Safe Harbor: I will not pursue legal action or report research to law enforcement if you follow these rules in good faith.
- Scope: In scope targets include *.khawarahemad.com, *.iqamaprint.com Please do not target third-party services.
- No Destruction: Do not attempt to access, modify, or delete user data. Do not execute volumetric DDoS attacks or automated high-rate scanning.
- 90-Day Disclosure window: Please grant me 90 days to patch and verify the vulnerability before publishing details of the threat vector.
Where to Submit Reports
Send full proof-of-concept reports to my primary security mailbox. Please encrypt the mail if sharing sensitive exploits.
security@khawarahemad.comEncrypted Communication (PGP)
Use my public key to submit encrypted reports. This prevents disclosure leaks in transit.