null: The Open Security Community

Vulnerability Disclosure

null community encourages security researchers to responsibly disclose security vulnerabilities affecting any of null community portal or infrastructure

Please send your vulnerability reports to security [at] null [dot] co [dot] in or fill the form available at https://forms.gle/zT2yDMBWE7UuVhLU7 for faster response(Recommended)
Researchers reporting valid vulnerabilities will be credited in the Hall of Fame
null is a non-profit open security community. We DO NOT offer any monetary reward for reporting security vulnerabilities

General guidelines for reporting vulnerability

Must have a demonstrable security impact for null community
Provide technical details with screenshots where applicable
Provide your name/nick/handle which you want to be quoted for credit in Hall of Fame page

Hall of Fame Exceptions (Not eligible for Hall of fame listing)

Mixed content warning
There is an active issue in swachalit issue log https://github.com/null-open-security-community/swachalit/issues/99
Please feel free to add list of url's in it if you spot any and we will work on it as we can to fix it holistically.
Logout CSRF
We do not consider this as a bug in line with Google https://bughunters.google.com/learn/invalid-reports/web-platform/csrf-clickjacking/5072689380982784/csrf-in-the-logout-handler
If you are seriously interested in helping us fix this bug feel free to send a pull request : https://github.com/null-open-security-community/swachalit