Responsible Disclosure Policy

Effective Date: May 30, 2025

Last Updated: May 30, 2025

At The Lowrider City Rockers, we take security seriously and welcome reports from the security community. If you believe you've discovered a security vulnerability on our website or related services, we encourage you to let us know right away.

We aim to respond quickly and take necessary steps to address any reported issues.

How to Report

Please send vulnerability reports to: [email protected]

Include as much detail as possible, such as:

• A clear description of the issue
• Steps to reproduce the vulnerability
• Any relevant screenshots or logs
• Any potential impact
• Suggested fixes or mitigations (optional but appreciated)

What We Ask From You

• Do not publicly disclose the issue before we've had a reasonable opportunity to fix it.
• Do not exploit the vulnerability beyond what is necessary to demonstrate it.
• Do not access or modify user data that is not your own.
• Comply with all applicable laws during your testing.

Out of Scope

The following issues are generally not considered security vulnerabilities:

• Missing SPF/DMARC records
• Clickjacking on non-sensitive pages
• Version disclosure banners
• Self-XSS (exploiting yourself)
• Rate limiting and CAPTCHA bypasses (unless significantly exploitable)

Thank you for helping keep out website secure!