hsam.net / security
Security & Disclosure
HSAM.net is maintained by the Institute for Civil Memory, the nonprofit section of GLC / Gwyn Legacy. This page summarizes practical security posture without exposing sensitive infrastructure details.
01 — Posture
Practical controls
Security practices may include access control, least-privilege permissions, account separation, credential hygiene, encryption where applicable, backups where applicable, logging/monitoring where applicable, update review, abuse prevention, and operational documentation.
Specific controls vary by service, client agreement, risk profile, and deployment environment.
02 — Disclosure
Responsible security reports
Report suspected vulnerabilities through Support or Contact. Please include affected URL/service, reproduction steps, impact, timestamps, and your contact information. Do not access, copy, modify, delete, or disclose data that is not yours.
03 — Incident Handling
Review and response
When a report is received, the team may validate scope, preserve relevant logs, reduce exposure, contact affected clients or users where appropriate, coordinate remediation, and update operational documentation. Public status, disclosure timing, and remediation details depend on severity, legal obligations, client agreements, and safety risk.
04 — Boundaries
No unauthorized testing
Do not run denial-of-service tests, credential attacks, persistence, exploitation, lateral movement, data exfiltration, social engineering, or physical attacks. Good-faith reports are welcome; unauthorized testing is not permission to attack or disrupt systems.
Security reports should be submitted through Contact or Support with a clear security-report label in the message. HSAM.net does not publish a public bug bounty program.