กลับหน้าแรก

Security & Responsible Disclosure

อัปเดตล่าสุด: 1 June 2026

Reporting a vulnerability

We welcome responsible disclosure. If you believe you have found a security issue in PortPreview or the ElemOps infrastructure, email [email protected] with details and reproduction steps. For the open-source CLI, you may also use GitHub security advisories.

Please give us a reasonable time to investigate and fix the issue before any public disclosure.

Scope

In scope: https://portpreview.com, the tunnel gateway, and the open-source CLI at https://github.com/elemops/portpreview. Out of scope: third-party services we link to, social engineering, volumetric DoS, and findings that require a compromised device.

What to expect

  • We aim to acknowledge reports within a few business days.
  • We will keep you updated as we triage and remediate.
  • We are happy to credit reporters who want recognition.

Safe harbor

If you make a good-faith effort to follow this policy, we will not pursue or support legal action against you for your research. Do not access, modify, or delete data that is not yours, and do not degrade the service for others.

How we protect data

Traffic to the site and tunnel gateway uses HTTPS/TLS. The CLI forwards only the local port you choose and does not read unrelated files, environment variables, or secrets. Analytics data is pseudonymous and minimized.