contact

Open a secure channel.

mara@workstation:~$ gpg --encrypt --armor message.txt

The fastest way to reach me is the form below or encrypted email. If you're reporting a vulnerability, please read the disclosure policy first and encrypt anything sensitive to the PGP key on this page.

$ compose --message

This form validates and confirms in your browser; no message actually leaves this page. For real reports, use the encrypted email below.

$ cat disclosure-policy.txt

How I handle what you send me.

If you're reporting a vulnerability — in my work, my tooling, or something you'd like a second opinion on — here's what to expect.

Coordinated by default

I work to a 90-day disclosure window from first contact, extendable by agreement when a fix is genuinely in progress. Active in-the-wild exploitation can shorten it.

Encrypt the sensitive parts

Send proof-of-concept code, exploit details, or credentials encrypted to the PGP key above. A plaintext summary to start the conversation is fine.

Credit where it's due

If you report something to me, you get named in the advisory unless you ask to stay anonymous. I don't take credit for other people's findings.

Good-faith safe harbor

Research conducted in good faith against my own systems — without privacy violation, data destruction, or service disruption — will not be met with legal action.