Security Policy

Guidelines for responsible security vulnerability reporting and our commitment to protecting your data.

Building secure systems through community collaboration

Responsible Security Reporting

We will investigate legitimate reports and make every effort to quickly resolve any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you providing you comply with the following guideline:

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.

How to Report Security Issues

Report to Our Security Team

security@upstateweeklynews.com

This email address is monitored by our technical team and will receive priority attention for security-related issues.

What to Include in Your Report

Required Information

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Affected URL or system component
  • Your contact information

Additional Details (Helpful)

  • Severity assessment
  • Potential impact description
  • Screenshots or proof of concept
  • Suggested remediation steps

Our Response Process

1

Acknowledgment

We'll confirm receipt of your report within 24 hours

2

Investigation

Our team will assess and reproduce the issue

3

Resolution

We'll develop and implement a fix

4

Follow-up

We'll notify you when the issue is resolved

Our Security Commitment

Technical Safeguards

  • • HTTPS encryption for all communications
  • • Regular security updates and patches
  • • Secure coding practices and code reviews
  • • Regular backup and disaster recovery procedures
  • • Access controls and authentication protocols

Operational Security

  • • Staff security training and awareness
  • • Incident response and monitoring
  • • Third-party security assessments
  • • Compliance with industry standards
  • • Regular security audits and testing

Activities We Don't Allow

While we encourage responsible security research, the following activities are not permitted:

  • • Accessing, modifying, or deleting data that doesn't belong to you
  • • Performing denial of service attacks or load testing
  • • Social engineering attacks against our staff or customers
  • • Physical attacks against our facilities or equipment
  • • Running automated vulnerability scanners without permission
  • • Testing on production systems that could affect service availability

Security Researcher Recognition

We appreciate the security research community and recognize responsible researchers who help us improve our security posture. Depending on the severity and impact of the vulnerability:

  • • Public acknowledgment on our website (with your permission)
  • • Direct communication with our technical team
  • • Coordination on disclosure timeline
  • • Consideration for future security consulting opportunities

Security Questions or Concerns?

We take security seriously and are here to address any concerns or questions you may have.

Security Vulnerabilities

Report security issues responsibly

security@upstateweeklynews.com

General Security Questions

Questions about our security practices

info@upstateweeklynews.com

Account Security

Issues with your account access

Contact Support

Emergency Security Issues: For critical vulnerabilities that pose immediate risk to user data or system security, please mark your email as "URGENT" and we will respond within 4 hours.