Security Disclosure

Last updated: March 26, 2026

Responsible disclosure

If you've found a security issue on this website or in one of my public repositories, I'd appreciate hearing about it. I'm a security professional — I take these things seriously, and I'll treat your report with respect.

How to report

Send an email to info@davidandersson.se — encrypted with my PGP key if you prefer. A useful report includes:

• What the vulnerability is and what it could lead to
• Steps to reproduce
• Any supporting evidence (screenshots, logs, proof-of-concept)

What to expect

I'll acknowledge your report as soon as I can — typically within a few days. I'll keep you posted on progress and will credit you (with your permission) when a fix is published.

Ground rules

Please:

• Give me reasonable time to address the issue before going public
• Don't exploit the vulnerability beyond what's needed to demonstrate it
• Don't access or modify other people's data
• Act in good faith

Safe harbor

Security research conducted in line with these guidelines is welcome. I won't pursue legal action against anyone acting in good faith under this policy.