Primary intake
Reports go through the security form first, with security@blast-audit.com as backup contact.
Aviso legal
Seguridad / Divulgación de vulnerabilidades (VDP)
Cómo reportar de forma responsable vulnerabilidades de seguridad a Blast Audit.
Última actualización: February 15, 2026
Mostramos la versión en inglés mientras terminamos la traducción.
Scope
In scope: blast-audit.com, relevant subdomains, and other public web assets operated by Blast Audit.
Response targets
Acknowledgement within 72 hours. Initial triage within 7 days. No monetary bounty at this time.
Blast Audit (NEXT BP) welcomes responsible disclosure of security vulnerabilities.
Report a vulnerability
Preferred: Submit a report using this form:
Backup contact:
- Email: security [at] blast-audit.com
Please include:
- A clear description
- Steps to reproduce
- Affected URL(s)/endpoint(s)
- Impact assessment
- Proof-of-concept (text or link)
Scope
In scope:
- blast-audit.com and relevant subdomains (e.g., app / api)
- Any other public web assets owned and operated by Blast Audit
Out of scope:
- DoS/DDoS, load/stress testing
- Social engineering (phishing/vishing), physical attacks, threats/extortion
- Automated scanning that disrupts availability
- Issues in third-party services not controlled by Blast Audit
Safe Harbor
We support good-faith security research.
If you avoid data access beyond what is necessary, do not disrupt services, test only in-scope assets, and report promptly, we will not pursue legal action against you for your research.
Response targets
- Acknowledgement: within 72 hours
- Initial triage: within 7 days
No bounty
This is a vulnerability disclosure program. We do not currently offer monetary rewards.
Last updated: 2026-02-15