← nicolasjpsanchez.com

Disclosure

Security

This is a static personal portfolio. The attack surface is small, but I take security seriously. It's literally my job.

How to report

If you find a vulnerability, please disclose it responsibly. Email me directly before publishing anything publicly.

Security contact security@nicolasjpsanchez.com

What to expect

I'll acknowledge your report within 3 business days and keep you updated as I work toward a fix. Once resolved, I'm happy to credit you publicly if you'd like.

Scope

In scope
  • nicolasjpsanchez.com
  • All subpages and assets
  • Contact form behavior
Out of scope
  • Cloudflare infrastructure
  • Formspree service
  • Google Fonts CDN
  • Social media accounts

Ground rules

Please don't access, modify, or exfiltrate data beyond what's needed to demonstrate the issue. Don't perform denial-of-service testing. This is a personal site with no bug bounty, but a genuine thank-you and public credit are on the table.

security.txt

This site publishes a machine-readable disclosure policy at /.well-known/security.txt per RFC 9116.