Vulnerability Disclosure Program

Responsible Disclosure Policy for nflfixtures.com

Last Updated: June 24, 2025

The security of our users and our website, nflfixtures.com, is a top priority. We welcome the contributions of security researchers and the broader community in helping us keep our platform safe. This policy outlines our guidelines for finding and reporting security vulnerabilities.

If you believe you have found a security vulnerability in our service, we encourage you to report it to us in a responsible manner.

Scope

This policy applies to the publicly accessible website and services under the nflfixtures.com domain.

  • https://www.nflfixtures.com and its subdomains.

Any service not expressly listed above is out of scope.

Guidelines and Rules of Engagement

We ask that you act in good faith and follow these guidelines:

  • Do not engage in any activity that could harm our website, our users, or our infrastructure. This includes, but is not limited to:
    • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
    • Social engineering (including phishing) of our staff or users.
    • Physical attempts against our property or data centers.
  • Do not access, modify, or exfiltrate any data that does not belong to you. If you inadvertently access user data, please stop immediately and report it to us.
  • Do provide us with a reasonable amount of time to investigate and resolve the issue before any public disclosure.
  • Do provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be eligible for recognition.

Safe Harbor

When conducting vulnerability research according to this policy, we consider this research to be authorized and will not initiate legal action against you. If a third party initiates legal action against you for activities conducted in accordance with this policy, we will take steps to make it known that your actions were in compliance with this policy.

How to Report a Vulnerability

If you have discovered a potential security vulnerability, please send a detailed report to us at:

Please include the following in your report:

  • A clear description of the vulnerability, including its potential impact.
  • The specific URL or location where the vulnerability was found.
  • Detailed, step-by-step instructions to reproduce the vulnerability.
  • Any proof-of-concept code, screenshots, or screen recordings.

Our Commitment

To any researcher who submits a valid vulnerability report in accordance with this policy, we commit to:

  • Acknowledging receipt of your report in a timely manner.
  • Providing an estimated timeframe for addressing the vulnerability.
  • Notifying you when the vulnerability has been fixed.

Please note that we do not offer a bug bounty program or provide monetary rewards for vulnerability disclosures at this time. However, we are happy to provide public recognition for your contribution, should you wish.

We thank you for helping keep nflfixtures.com and our users safe.