Shri Gurudev Ranade Samadhi Trust

Vulnerability Disclosure Policy

The Shri Gurudev Ranade Samadhi Trust is deeply committed to maintaining the security and integrity of our digital infrastructure. We welcome and appreciate the efforts of ethical security researchers who responsibly disclose vulnerabilities to us, helping protect our community and digital assets.

Non-Profit Status & Reward Policy

We are a charitable, non-profit organization operating our web services strictly for informational, educational, and spiritual purposes. Because our digital platforms generate no commercial revenue, we do not operate a paid bug bounty program and cannot offer financial compensation. However, we proudly recognize valid disclosures on our official Acknowledgments page.

Scope of Engagement

The following domains and assets are considered in scope for security testing:

  • *.shrigurudevranade.org
  • Our public-facing application infrastructure
  • Associated API routing and functions

Rules of Engagement

To ensure the safety of our users and the stability of our services, we ask that you strictly adhere to the following guidelines while conducting security research:

  • No Disruptive Testing: Do not perform Denial of Service (DoS/DDoS), spamming, or any testing that impairs our service availability.
  • Respect Privacy: Do not access, modify, delete, or exfiltrate any user data. If you encounter user data during testing, halt immediately and report the vulnerability.
  • No Social Engineering: Do not target our staff, volunteers, or users via phishing, vishing, or physical security attacks.
  • Coordinate Responsibly: Please provide us with a reasonable amount of time to patch the vulnerability before disclosing it publicly.

How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please contact our engineering team directly.

Email your report to: engineering@shrigurudevranade.org

In your report, please include clear, step-by-step instructions to reproduce the issue, the potential impact, and any relevant screenshots or HTTP request logs. Our team will acknowledge receipt of your report as quickly as possible.