Disclosure Policy

I maintain the following policy of responsible disclosure:

I will announce vulnerabilities via http://security.szurek.pl/.
Vulnerabilities are published if no response is received from the author of the vulnerable product within one week of initial contact.
If response is received, disclosure is coordinated with product vendor.