Level 0 — Not Present

No findable contact, no policy, no intake method.

Source: disclose/dioterms License: CC0-1.0 Replace [bracketed] values with your own.

The organisation has no findable security contact, no security.txt, no disclosed policy, and no public intake method. A researcher discovering a vulnerability has no safe or sanctioned way to report it. From the ecosystem’s perspective, this organisation is effectively invisible — or worse, implicitly hostile to disclosure.

What observers see

  • No /.well-known/security.txt
  • No security@ or equivalent mailbox documented publicly
  • No policy page, no disclosure program, no bug bounty listing
  • No response (or a hostile response) to any informal outreach

Researcher protection

None. A researcher who finds and reports a vulnerability here is relying on goodwill and has no written protections — legal or procedural — whatsoever.

Path to Level 1

Publish a security.txt file at /.well-known/security.txt with at minimum a Contact: line pointing to a monitored mailbox or form. That’s it. You’re now Level 1.