Back to directory
Dro
Dro Vulnerability Disclosure Policy
Mar 23, 2026
Contact
Normal responsible disclosure. You can always publicly talk about the bug after I fix it, which will typically be within a few days of me seeing your email. (Only if you abuse the weakness beyond what is necessary to demonstrate its existence or cause harm, I reserve the right to file a police report or seek damages.) Because I am not a commercial organisation, there is no budget for bug bounties, but you can expect my everlasting gratitude and a thank-you message on the website if you desire.
Policy URL
security.txt
Safe Harbor
None
Public Disclosure
No
Attention: The policy information on this page has not been verified by the organization.
The information on this page has been assembled from public sources, not confirmed by the organization itself. Treat it as our best effort estimate of how they accept and handle security disclosures, not a commitment from them. Always verify against the organization's own published policy before acting. If this notice is showing, the organization has not signed in to attest that they offer coordinated disclosure or rewards. Until they do:
- Safe Harbor — Not attested. Assume NO SAFE HARBOR until you perform your own verification.
- Disclosure — Not attested. Assume NO DISCLOSURE ALLOWED until you perform your own verification.
- Rewards — Not attested. Assume NO REWARDS. Do not approach the organization asking for money or swag.
18%
21.7 / 120
security.txt
Analyzed Mar 28, 2026
Core (1/9)
Published Policy
security.txt
Contact Information
Safe Harbor (any)
Full Safe Harbor
CVD Timeline
Public Disclosure
Defined Scope
Standard Template
Bonus (0/3)
Offers Bounty
Offers Swag
Hall of Fame
