Report Channel
Email: security@thecandidategroup.ltd
Security.txt: /.well-known/security.txt
Preferred language: English (en)
Responsible Disclosure Security
We appreciate coordinated vulnerability reports. Please follow the guidance below to help us investigate quickly and protect all users of The Candidate Group platform.
What to Include
- Vulnerability type and affected URLs/hosts
- Clear, reproducible steps (PoC)
- Expected vs actual behaviour
- Any logs, screenshots, or harmless payloads
- Safe test accounts only (no user data exfiltration)
Rules of Engagement
- No service disruption or data destruction (DoS is out of scope).
- No access to other users’ data; use your own test data.
- No social engineering or physical intrusion.
- Respect rate limits and legal boundaries.
Our Commitment
- Acknowledge your report within 3 business days.
- Provide a remediation path or decision within a reasonable timeframe.
- Credit (Hall of Fame) with consent after fix & coordinated disclosure.
Transparency API
We publish acknowledgments in a machine-readable format for dashboards and programmatic consumption.
Preview (first 2 entries)
Loading preview…
Hall of Fame
We’re grateful to researchers who help protect our users. After fixes are deployed, we list acknowledgments here.
- (Your name here)