How to report a security issue — and what you can expect from us
The short version: We welcome reports of security vulnerabilities. Email tim.j.rice@fairtprm.com with the details, give us a reasonable time to fix the issue before disclosing it publicly, and act in good faith — and we will not pursue legal action against you. This policy also appears in our security.txt.
Fair TPRM ("we," "us," or "our") takes the security of our website and software seriously. We value the work of security researchers and the broader community in helping us keep our users safe. This Vulnerability Disclosure Policy explains how to report a vulnerability to us, what is in and out of scope, and what you can expect in return.
This policy applies to security vulnerabilities discovered in:
Because Fair TPRM is self-hosted software, individual deployments run on infrastructure we do not control. If you find a vulnerability in a specific third-party installation, please report it to the operator of that installation. Report issues in the software itself to us using the details below.
Please send your report by email to tim.j.rice@fairtprm.com. To help us triage and resolve the issue quickly, please include where possible:
When investigating and reporting an issue, we ask that you:
The following are generally not considered valid vulnerabilities under this policy unless you can demonstrate a realistic security impact:
We consider security research and vulnerability disclosure conducted in accordance with this policy to be authorized and beneficial. If you make a good-faith effort to comply with this policy during your research, we will:
If legal action is initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known. This safe harbor does not apply to activity that is malicious, that intentionally harms our users, or that violates applicable law.
When you report a vulnerability in good faith, we will make our best effort to:
We do not currently operate a paid bug-bounty program, so reports are not eligible for monetary rewards. We are, however, sincerely grateful for your contributions.
If you need to send us sensitive information as part of a report, please contact us first at tim.j.rice@fairtprm.com and we will arrange a secure channel.
We may update this policy from time to time. Changes are effective when posted to this page, and we will update the "last updated" date below.
Report a security issue
Email tim.j.rice@fairtprm.com. Machine-readable details are published in our security.txt file.
Last updated: July 2026.