Security Policy

Last updated: January 20, 2026

Reporting Security Vulnerabilities

At DiscoverNext, we take security seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Please report security vulnerabilities to: [email protected]

What to Report

We encourage you to report any security vulnerabilities, including but not limited to:

  • Cross-site scripting (XSS)
  • SQL injection
  • Authentication and authorization flaws
  • Server-side request forgery (SSRF)
  • Remote code execution (RCE)
  • Cross-site request forgery (CSRF)
  • Insecure direct object references
  • Sensitive data exposure
  • Security misconfigurations

How to Report

When reporting a security vulnerability, please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any proof-of-concept code or screenshots (if applicable)
  • Your contact information for follow-up questions

What to Expect

  • We will acknowledge receipt of your report within 48 hours
  • We will provide an initial assessment within 7 business days
  • We will keep you informed of our progress in addressing the vulnerability
  • We will notify you when the vulnerability has been resolved
  • With your permission, we may credit you for the discovery

What NOT to Do

Please do not:

  • Access or modify user data without permission
  • Perform any actions that could harm our users or services
  • Disclose the vulnerability publicly before we've had a chance to address it
  • Use automated scanning tools that may impact our services
  • Violate any laws or breach any agreements

Security Best Practices

We follow industry best practices to secure our platform:

  • Regular security audits and penetration testing
  • Keeping all dependencies and software up to date
  • Implementing secure coding practices
  • Using HTTPS for all communications
  • Implementing proper authentication and authorization
  • Regular backups and disaster recovery planning
  • Monitoring and logging security events

Security Headers

We implement various security headers to protect our users:

  • Content-Security-Policy: Restricts resource loading to prevent XSS attacks
  • Strict-Transport-Security: Forces HTTPS connections
  • X-Frame-Options: Prevents clickjacking attacks
  • X-Content-Type-Options: Prevents MIME type sniffing
  • Referrer-Policy: Controls referrer information sharing
  • Permissions-Policy: Restricts browser features
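
The following is an added example, not DiscoverNext's own code: a small audit function that checks a response's headers against the six headers listed above and flags values that would weaken them (a CSP allowing inline script, an HSTS max-age under one year, an X-Frame-Options value the browser will not honour, a missing nosniff). The value thresholds and the two sample responses are this example's own assumptions.

```python
from typing import Dict, List

# The six headers the policy above lists, compared case-insensitively.
REQUIRED_HEADERS = [
    "content-security-policy",
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
]

def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for missing or weak headers; an empty list means all checks passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing: {name}" for name in REQUIRED_HEADERS if name not in h]
    csp = h.get("content-security-policy", "")
    if csp:
        if "default-src" not in csp:
            findings.append("csp: no default-src fallback directive")
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            findings.append("csp: 'unsafe-inline'/'unsafe-eval' weakens XSS protection")
    hsts = h.get("strict-transport-security", "")
    if hsts:
        max_age = 0
        for part in hsts.split(";"):
            part = part.strip().lower()
            if part.startswith("max-age="):
                max_age = int(part.split("=", 1)[1]) if part[8:].isdigit() else 0
        if max_age < 31536000:  # one year is the commonly recommended minimum (assumption)
            findings.append(f"hsts: max-age {max_age} is below one year")
    xfo = h.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"x-frame-options: browsers ignore value {xfo!r}")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options: should be 'nosniff'")
    return findings

# Constructed sample responses (not captured from any real server).
WEAK_RESPONSE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}
HARDENED_RESPONSE = {
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}
```

Feeding a live response's headers (for example `dict(requests.get(url).headers)`) to `audit_security_headers` turns this into a quick regression check for a deployment pipeline.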

Data Protection

We are committed to protecting user data:

  • All sensitive data is encrypted in transit and at rest
  • Compliance with GDPR and other applicable data protection regulations
  • Regular security assessments of our infrastructure
  • Limited access to sensitive data on a need-to-know basis
  • Secure password storage using industry-standard hashing

Contact

For security-related inquiries, please contact us at:

Email: [email protected]

Security.txt: /.well-known/security.txt

This security policy may be updated from time to time. We will notify users of any material changes.