Disclosure
Security coordination.
Use this page to find the public reporting path and the expectations for safe, reviewable coordination. Detailed policy and internal procedure remain on the documentation site.
- Public Site
- pclsecurity.com
- Documentation
- docs.pclsecurity.com
- Tools API
- tools.pclsecurity.com
- Processing
- Local browser tools
Contact Path
Send security coordination mail to [email protected]. The machine-readable contact record is at /.well-known/security.txt; the public OpenPGP key is at /pgp/security.asc.
Report Contents
A useful first report identifies the affected vendor or product, impact, affected version or surface when known, authorization basis, and a safe follow-up path.
Initial Boundaries
Do not send credentials, customer data, private telemetry, production secrets, exploit payloads, or third-party confidential material until a controlled path exists.
Authorization
PunchCard Labs cannot authorize testing of third-party systems. Authorization must come from the responsible owner or a clearly applicable public program.