Responsible Disclosure Policy

The security of our platform and our users' data is our highest priority. If you have discovered a security vulnerability in ModCockpit, we ask you to report it responsibly.

Scope

• *.modcockpit.tv (Website, Relay-Server, Dashboard)
• ModCockpit OBS-Plugin
• ModCockpit Streamer.bot-Plugin

Rules

• No denial-of-service (DoS/DDoS) against our infrastructure
• No access to other users' data
• No public disclosure of vulnerabilities before the fix
• No social engineering attacks against our team or users
• No automated scans without prior agreement

Timeline

• Acknowledgement: within 48 hours
• Assessment: within 5 business days
• Fix target: 90 days (faster depending on severity)

Recognition

We currently do not offer a bug bounty program. Upon request, we will gladly mention you on this page as a thank you for your contribution to ModCockpit's security.

Out of Scope

• Social media accounts (Twitch, Discord, etc.)
• Phishing attempts against our team
• Physical security (office, server location)
• Findings that are already known or have no real impact

Contact

Please report security vulnerabilities exclusively via email to:
security@modcockpit.tv

Describe the vulnerability as detailed as possible, ideally including:

• Affected URL / component
• Steps to reproduce
• Expected vs. actual behavior
• Potential impact