Vulnerability Disclosure Policy

Our Commitment to Security

At MAKR, we take security seriously. We appreciate the efforts of security researchers who help us identify and address potential vulnerabilities in our systems. This policy outlines how to report security issues and what you can expect from us.

Scope

This policy applies to:

• The main website: makr.tech
• All subdomains of makr.tech
• The AI Roadmap Generator tool
• The Maturity Assessment tool

How to Report

Responsible Disclosure Guidelines

• Do not access, modify, or delete data that doesn't belong to you
• Do not perform denial of service (DoS/DDoS) attacks
• Do not use social engineering or phishing
• Do not publicly disclose the vulnerability before we've had a reasonable time to fix it
• Do give us reasonable time to respond (typically 90 days)
• Do act in good faith to avoid privacy violations and data destruction

What You Can Expect

• Acknowledgment of your report within 48 hours
• Regular updates on our progress
• Credit in our acknowledgments section (if desired)
• We will not take legal action against researchers acting in good faith
• A timeline for addressing the issue

Out of Scope

The following are not considered vulnerabilities:

• Issues in third-party services or dependencies
• Social engineering attacks
• Physical security issues
• Missing security headers on non-sensitive pages
• Clickjacking on pages without sensitive actions
• Rate limiting issues (unless causing significant impact)
• Content spoofing without demonstrable impact

Hall of Fame

We would like to thank the following security researchers for their responsible disclosure: