Policy

Lumin Digital welcomes collaboration with security researchers who wish to make inquiries or send vulnerability reports using the responsible disclosure process.  While our Terms of Use do not authorize any external party to perform vulnerability or penetration security testing against this website, should a security issue be observed, we ask for your assistance with responsible disclosure to:

  • Privately and securely report the issue
  • Collaborate with us to confirm the issue
  • Provide a reasonable amount of time for us to resolve the issue
  • Embargo the release of details until the problem is resolved

While Lumin Digital does not presently operate a bug bounty program or otherwise compensate those who report issues, we may acknowledge contributors who follow this responsible disclosure process, if they identify themselves and permit attribution.

We will acknowledge all reports as soon as we can, usually within 24 hours.  Lumin Digital’s security team respects and supports the knowledgeable and talented security researcher community and appreciates all efforts to responsibly disclose issues.

Reporting Procedure

Please send an e-mail to security-disclosure@lumindigital.com along with details that permit us to fully understand the issue you are observing, and if possible, with screenshots, logs, URL’s with parameters, sample output, or steps to reproduce the issue that we can use to validate your report and identify the root cause.  Please also provide information that allows us to respond to you for additional questions, and, to the extent we can, to apprise you on our progress in resolving the issue. If possible, please provide your IP address to allow us to correlate your activity in our logs for further diagnosis.

You may send us encrypted emails by using our public PGP key, and please do so if any information you send is confidential.  We have published our key on public keyservers, or you may obtain it from https://lumindigital.com/security-disclosure-pgp-key.asc, or you may find it reproduced below:

 


—–BEGIN PGP PUBLIC KEY BLOCK—–
mQINBFrQKhMBEAC8C6l9uEyY7QkTwE6lqMLGphqk+Ba9ombnjr02k+fQXDMQ5TPD
XiZ0Px/uzvM5hhKFhM+zjnd5vaa1XA/4atRlTE1aI5sQvS7IPOgHgCnVM9nlLsYV
0B0GxQT6z3EN1vXftROwcFCthM0cSTBhNbsFGA7e1shYiL65B13zTpgFjCUr80Q+
jiVolS3nHH/CVBeEP0Zt1l1xpUK/jn8mrzSk63HELiqpJAX45Kt0PKRYcYlfZxkY
1AmYn6N5a03t7WmzA4EWRD4ljMvqHuFD1NJ3mDUbNK8LP4dhCoTQVdgxnf4OxPGY
JjX226fuoZEfxranxuZgHyt6EUYx1hbUzi3Q8ovBu4FCw5ppMiNARXavACPKk4Xq
VLCgXausUkBR5gNwl7tzzx/lSEMRmxnxwUErn6Lf9LpZeq4x/gCfo0lzBRxjCFLy
0nlf93bB7i8vEvcxSRUYGe8tms+G/isKN62IsSCesvKRXedS35El1zURA+ECw2EN
t+j8ZRwgrIVt0qfL+89DACtkI6MmdhIggu5/yKDuGBWGkNjvuXCbZC9CXpYz+aUW
AER6F5O8gZ9M4d6M2Bd0KZDRH5U3vh/5HlEYjwRSeXIPk8grEm0icqNRfNSpBSEX
GbXocUJdR5UBXydMAF+IWTniVgaciPdYXOtes7u2I/482N9mDDsNaGlyOwARAQAB
tFZMdW1pbiBEaWdpdGFsIFNlY3VyaXR5IERpc2Nsb3N1cmUgUmVzcG9uc2UgVGVh
bSA8c2VjdXJpdHktZGlzY2xvc3VyZUBsdW1pbmRpZ2l0YWwuY29tPokCVAQTAQgA
PhYhBLQh9Myq5Dync10/QiR+ZJC5QmLaBQJa0CoTAhsDBQkHhh+ABQsJCAcCBhUI
CQoLAgQWAgMBAh4BAheAAAoJECR+ZJC5QmLagM8P/RxlpTVv1g01nkz3MHfvbWlS
pOu8KpFNmaWLx++wXt8IzcNk5ufxBcQN5HSFDfR+ra8IogAqCwPw6lXRccOP5GOY
C/zvObaSd5OSWBik7JD8dCBnsKwzzUskw9bxDx4bRYyd/oOp4WJFIK8ijUXvOGhC
MRfXemPo3WKG3hArQzQ8yBUwL3vw4VYM2N9KHuvLUjedqp+79OxMmtM5rgdEW+aU
jp+Ld0PpUnoeBI6D8epJ/3iqg8sZguw79GhHBzOUgR9JlnibbV9HdBlIwbZLKhzD
1lJvHxp06S7OmVGDzlPEGzkZ6B+rKzyl55TbPYBHDiTWnFrxr0Nadf5OLjom/7cx
oBzsAJW6jOsb4Uf6pkLFDayCHYdIokfmzRBFHv2ur9rFFkMAlp2ReyODLQFb2Vz3
LhvWVEUpNc1foT2FkwpA6j99dChVcfVE9y2G2LHSjxq/fj80pyq8GUNXADo/klmT
pnrQmOW+jBxBu2iI1yYpJMjDRFFu8Xb4BL8Mprz0lJO4JzDiuHA/2gE3qlLwVINI
zRO6QBAP5OwHro9kZqL1sTfnlB9TkK3sEMAttKZzRkbkyZc7FTBKQ40FJ/Bb+KMp
7yWAgVG6cFMXd5IaMDnav3ukcGziHP8jz230zHi9v+g+SaYh4x5HEVKyuot473jF
5//YKN3j9JDP6GraDp+quQINBFrQKhMBEADNjAMAsa6JY3cA3mJ/W2Yfu5eVBvAy
ICQne051Pdh+gGC/m9/967Y2hhXgcFD1+HLZiXo4dUiCpB8vMbbFv0Cwheb/Lg0r
B15++W1jm4UInyUq2eEY99lsY0I7zLfBov+RENq2uRmUEtjxwUi6O/66kg63Lpxq
ai9e+wd7Potgi6aMG1HehwOKpKz2KuU4MMXlcBR7u4GCRyHV2fr6jXxzhJxDo/n3
yr8iNi7o13iT8XabXfb24Y3Ut0RFtdvlIymATRAiCEX5+tz2BulzVYstpYXrpkuv
dZyVk07+bfPIxCJhkCGW12XcTfIxMlGHvIQKSiHXqNrJcfmzJAsAqOk0MwZeXbn8
rQB2BylKmQuPsnCtbMh0WxVJqr4mRDZc7s7kDhUuyoHS/IStzavu5lPU9+hHe5Qw
vk0wFLXQQBp/xPPvzmLHwJMKljPpfOrUEwvk00vrCX1GftAdBKNTyhpq/XPmV3yz
3kLks4HI9e+MK5OsMRvvcWB8D9JJdtwkFrwsnuJW6HuAHcsUU1sGg87vsR+M4id0
XfpSNNj1fbKMTjnKV0Fo52gzHspWzGAIyUCuEr02MFWXY+QFJ0Zo8++Q4ngWuduj
3wPszEcNgFt1sVYVwYeGG3MGz3GiZVLd6cHy2aEfXSZm+5p5ViLxOpBFUCUqq3DJ
xqN90CvLPWjweQARAQABiQI8BBgBCAAmFiEEtCH0zKrkPKdzXT9CJH5kkLlCYtoF
AlrQKhMCGwwFCQeGH4AACgkQJH5kkLlCYtodXRAAkhSXmQ3FDUTDi4Rmzom91seb
LrDCg8CaDTKjMzROFzjBRiCpIHXvDgzUd9yVDIPcPYcgUUtPEUrJ2bEgvZIq6je+
gncx/fDI82B8Y00/hfeDXpgnpn/1HGN9LeoloeKTveDvuSsZCJAq5OJUsBu6IaIH
9QNSnV5Jjg/qam8TnqwdTJv1DaJZtM9dOdO+hKa2556r/7ZlD0AP/boVKmvXfKmQ
hwdb7mU+0nzqUcHWbbYEoj8Ek6yggSGMPXbzXP5HENCfN8zqIiMHqaVFT00Le4yL
HT8WHujGmfnjTe4tf8SHdXNWL/RjS8kftiIFd79xk6qDAKBXCJAEstZTIq+cnIsn
mT4jyT62CxUb4vTW+Mgj8tahJA8g3YsVf0oqP6tNN3mERTtcb9Zo0/JFw4UOmrG8
bIulojsgqUztqVQKWgmtPsFlmeEO0LZPFsmWXLocU0yUoRy05MOZp4dkcGkXrrT7
xOVygjo2CmzL5sq63z2c/n1H2hibgiKcmnwpsQjx5uOoUJxFmVCoZh1ln7byW5ER
P7LicEvgnj96hGWAQIg7ltEcluaqiipcgmvtFQRNhCZJopogF12ewjMHrXmlParq
Pk/JWhqgtrED2Hhf5wFM8vv0zAVwQaddD3wHxFff0BlpItqpfaELol2ZzEuMJigB
IF9ku2alwyZEANMEmag==Zctg
—–END PGP PUBLIC KEY BLOCK—–

Acknowledgements

We have received no reports to acknowledge.