Security Policy

Responsible Disclosure

Source Parts is committed to ensuring the security of our platform and protecting our users' data. We welcome reports from security researchers and ethical hackers who help us identify and fix security vulnerabilities.

Reporting Security Vulnerabilities

If you discover a security vulnerability in our systems, please report it to us responsibly by following these guidelines:

How to Report

  • Email us at security@source.parts
  • Use our support page and mark your report as "Security Issue"
  • Provide a detailed description of the vulnerability
  • Include steps to reproduce the issue
  • Assess the potential impact of the vulnerability
  • Include proof-of-concept code if applicable (non-destructive only)

What to Include

  • Vulnerability Details: Clear description of the security issue
  • Affected Systems: Which parts of our platform are affected
  • Reproduction Steps: Detailed steps to reproduce the vulnerability
  • Impact Assessment: Your assessment of the potential impact
  • Supporting Evidence: Screenshots, logs, or other evidence
  • Contact Information: How we can reach you for follow-up

Our Commitment

When you report a security vulnerability to us, we commit to:

  • Acknowledge your report within 48 hours
  • Provide regular updates on our investigation progress
  • Work with you to verify and understand the vulnerability
  • Fix confirmed vulnerabilities in a timely manner
  • Credit you appropriately (with your permission) in our security acknowledgments
  • Keep you informed throughout the remediation process

Safe Harbor

We will not pursue legal action against security researchers who:

  • Follow the responsible disclosure practices outlined in this policy
  • Act in good faith and avoid privacy violations or destructive behavior
  • Do not access or modify data beyond what is necessary to demonstrate the vulnerability
  • Do not disrupt our services or degrade user experience
  • Provide us with reasonable time to address the vulnerability before public disclosure

Scope

This policy applies to:

  • source.parts and all subdomains
  • Our web applications and APIs
  • Mobile applications (if any)
  • Any systems directly operated by Source Parts

Out of Scope: Third-party services, social engineering attacks, physical security issues, or attacks requiring physical access to user devices.

Recognition

We believe in recognizing the valuable contributions of security researchers. Depending on the severity and impact of reported vulnerabilities, we may:

  • Publicly acknowledge your contribution (with your permission)
  • Include you in our security acknowledgments page
  • Provide a letter of appreciation for your responsible disclosure

Contact Information

Security Team: security@source.parts

General Support: Support Page

Security.txt: /.well-known/security.txt

This policy is effective as of August 2025 and may be updated from time to time. Please check back regularly for any changes.