Dead Man's Hand
Responsible disclosure channel

Security policy / v1.0

Security Policy

A clear, good-faith path for reporting security issues in Dead Man’s Hand. Reports are welcome in English or Ukrainian.

Preferred contact

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in Dead Man's Hand (DMH), please report it to:

[email protected]

Please include

A concise report helps us reproduce, assess, and resolve the issue more quickly.

  1. 01Description of the issue
  2. 02Steps to reproduce
  3. 03Potential impact
  4. 04Proof of concept, if available

Scope

In scope

  • dmh.syntrope.app
  • Public APIs owned by DMH

Out of scope

  • Denial of Service attacks
  • Social engineering
  • Physical attacks
  • Vulnerabilities requiring access to third-party systems

Rules

  1. 1

    Do not access or modify other users’ data.

  2. 2

    Do not perform actions that could impact service availability.

  3. 3

    Use test accounts whenever possible.

  4. 4

    Give us reasonable time to investigate and fix the issue before public disclosure.

Recognition

Researchers who report valid vulnerabilities may be listed on the DMH Security Hall of Fame.

Thank you for helping keep DMH secure.

Security Policy