Security: Harery/Mo

Security Policy

Reporting a vulnerability

If you believe you have found a security issue in the source code of this repository or in the live site at harery.com, please report it privately.

Contact: mohamed@harery.com

Please include:

  • A clear description of the issue and its impact.
  • Steps to reproduce (URLs, payloads, request/response samples).
  • Any proof-of-concept code or screenshots.
  • Your name / handle if you would like to be credited.

You can expect:

  • An acknowledgement within 3 business days.
  • An initial assessment within 7 business days.
  • Coordinated disclosure once a fix is shipped — credit on request.

Please do not open public GitHub issues for security reports, and please do not perform automated scanning that materially degrades the live site.

Scope

In scope:

  • The source code in this repository.
  • The production site at https://harery.com.

Out of scope:

  • Findings that require physical access, social engineering, or compromise of third-party services (Vercel, GitHub, DNS providers).
  • Best-practice/informational findings without demonstrable impact (e.g. missing speculative headers on static assets).
  • Volumetric / DoS testing.

Safe harbour

Good-faith research that follows this policy will not result in legal action. Thank you for helping keep the site safe.
