Security Vulnerability Disclosure Policy

Militia Marketing – Security Disclosure Policy

Militia Marketing is committed to maintaining the security and integrity of our systems, products, and services. We welcome responsible disclosure of potential vulnerabilities from external researchers, partners, and the broader community.

Reporting a Vulnerability

If you believe you have identified a security vulnerability, please report it to:

Email: security@militia.marketing

To help us triage efficiently, please include:

  • A clear description of the issue

  • Steps to reproduce the vulnerability

  • Any supporting materials (screenshots, logs, proof-of-concept)

  • The potential impact, if known

Our Commitment

  • Acknowledgment: We aim to acknowledge receipt of reports within 24–48 hours.

  • Triage & Investigation: Reports are reviewed promptly and routed to the appropriate internal teams.

  • Remediation: Valid vulnerabilities are prioritized based on severity and impact.

  • Communication: We will maintain communication as appropriate throughout the process.

Scope

This policy applies to vulnerabilities affecting:

  • Public-facing websites (including militia.marketing)

  • Associated services and infrastructure operated by Militia Marketing

Guidelines

We ask that researchers:

  • Act in good faith and avoid privacy violations, data destruction, or service disruption

  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue

  • Do not access, modify, or exfiltrate data belonging to others

  • Allow us reasonable time to investigate and remediate before public disclosure

Safe Harbor

Militia Marketing will not pursue legal action against individuals who:

  • Discover and report vulnerabilities in good faith

  • Follow this policy and avoid causing harm

Out of Scope

The following are generally considered out of scope:

  • Denial-of-service (DoS/DDoS) testing

  • Social engineering attacks (phishing, pretexting)

  • Physical security testing

  • Issues requiring access to another user’s account without proof of exploitability

  • Missing security headers or best-practice recommendations without demonstrated impact

Updates

This policy may be updated periodically. The latest version will always be available at:
https://militia.marketing/security