🔒 Security Policy

How to responsibly disclose security vulnerabilities related to the CSOH website and community resources.

Security Vulnerability Disclosure Policy

About CSOH: Cloud Security Office Hours is a volunteer-run community for cloud security professionals. We are not a company and do not produce software products or services. This policy covers security issues related to our website (csoh.org) and community resources only.

Scope

This security policy applies to vulnerabilities found in:

Out of Scope

The following are NOT covered by this policy:

What We Consider a Security Vulnerability

We take security seriously and welcome reports of genuine security issues, including:

How to Report a Vulnerability

If you discover a security vulnerability on csoh.org, please report it responsibly:

Preferred method: Email us at admin@csoh.org or reach out to one of the community organizers during our Friday Zoom session.

What to include in your report:

⏱ What to Expect

As a volunteer-run community, our response times may vary:

Our Commitment

If you report a security issue in good faith, we will:

Responsible Disclosure Guidelines

When researching and reporting vulnerabilities, please:

Recognition

While we don't offer bug bounties (we're an all-volunteer community with no funding), we deeply appreciate responsible disclosure. With your permission, we'll:

Security.txt

This policy is also published in a machine-readable format, as specified by RFC 9116:

https://csoh.org/.well-known/security.txt

Contact

For security-related inquiries:

Note: This policy may be updated periodically. Last updated: May 23, 2026.