Disclosure

Security coordination.

Use this page to find the public reporting path and the expectations for safe, reviewable coordination. Detailed policy and internal procedure remain on the documentation site.

Public Site
pclsecurity.com
Documentation
docs.pclsecurity.com
Tools API
tools.pclsecurity.com
Processing
Local browser tools

Contact Path

Send security coordination mail to [email protected]. The machine-readable contact record is at /.well-known/security.txt; the public OpenPGP key is at /pgp/security.asc.

Report Contents

A useful first report identifies the affected vendor or product, impact, affected version or surface when known, authorization basis, and a safe follow-up path.

Initial Boundaries

Do not send credentials, customer data, private telemetry, production secrets, exploit payloads, or third-party confidential material until a controlled path exists.

Authorization

PunchCard Labs cannot authorize testing of third-party systems. Authorization must come from the responsible owner or a clearly applicable public program.