This repository primarily hosts research logs, tools, write-ups, and artifacts related to responsible security research. It does not distribute production software with ongoing security support.
Vulnerabilities may be identified in referenced open-source components, protocols, or third-party systems discussed in the research. Reports concerning findings in this repository itself (e.g., insecure example code, credential leaks, or repository configuration issues) are welcome.
We take security seriously and appreciate responsible disclosure. If you discover a vulnerability in this repository or any research artifact published here, please report it privately.
Preferred reporting method:
- Use GitHub's "Report a vulnerability" button (under the Security tab) to create a private advisory. This opens a secure channel directly with the maintainer.
- Alternatively, email the details to: jacob.kraniak@protonmail.com
Please include the following in your report:
- A clear description of the vulnerability and its potential impact.
- Steps to reproduce (if applicable).
- Any suggested mitigation or fix.
- Your preferred contact method for follow-up (optional).
Contact information referenced from the public README.md and repository profile:
- Primary: jacob.kraniak@protonmail.com
- GitHub: @jacob-kraniak
- LinkedIn: Jacob Kraniak
- X/Twitter: @jacobsk92
Disclosure process:
- We follow responsible disclosure principles. Reporters will receive acknowledgment within 3 business days.
- We aim to investigate and coordinate fixes or public disclosure within 90 days (or sooner, depending on severity and complexity).
- Findings related to third-party systems (e.g., vendor products, protocols, or open-source projects referenced in research) will be forwarded to the appropriate VDP/bug bounty program or maintainer where applicable.
- Public disclosure will only occur after the issue is resolved or with explicit coordination.
In scope:
- Issues in repository content (code, configurations, documentation).
- Vulnerabilities discovered during research that affect the published artifacts.
Out of scope:
- Findings in third-party systems without explicit authorization (see repository guidelines on responsible research).
- Denial-of-service, spam, or social engineering reports.
- Issues already publicly known or reported elsewhere.
Thank you for helping keep this research portfolio secure and supporting responsible cybersecurity practices. Valid contributions may be acknowledged in release notes or write-ups (with your permission).
Last updated: May 05, 2026