Security Policy

Reporting a security breach

We do all we can to keep our systems secure. But it's always possible that you'll spot a weakness we've missed. If you do, please let us know, so that we can do something about it quickly. Reporting problems you come across is known as vulnerability disclosure (also known as coordinated vulnerability disclosure and responsible disclosure).

How to report a problem?

Please mail details to security@homewoodworkplans.com

Include as much information as possible, because that will help us reproduce the problem and put it right. We'd ideally like to have a description of what you discovered, complete with IP addresses, logs, screenshots and so on.

Please include your contact details (phone number or e-mail address), so that we can get in touch if we need to know more.

Other important points

What you do not need to report:

What we'll do

Security.txt

RFC 9116 sets out a straightforward mechanism for organisations to publish their vulnerability disclosure policies and contacts details. The system involves publication of a file called security.txt on the organisation's website, written in a special legible and machine-readable text format. We follow this internet standard ourselves. Our security.txt file is available here: https://homewoodworkplans.com/.well-known/security.txt