Security and Vulnerability Disclosure

Responsible vulnerability disclosure rules for UZC services.

Contact

Security reports

Vulnerabilities affecting UZC services should be reported to security@uzc.edu.pl. A report should include the issue description, URL, impact, reproduction steps and reporter contact details.

Responsible testing

Only non-disruptive tests that do not compromise third-party data are allowed. Denial-of-service attacks, social engineering, unauthorized physical access, escalation beyond minimal proof, and data download or modification are not permitted.

Do not publish details before the coordinated handling process is complete.
Do not store, share or copy personal data or documents.
Stop testing and report immediately if you access another person's data.

Report handling

UZC acknowledges receipt within 3 business days, provides initial triage within 10 business days and coordinates remediation with the responsible units. Reporter acknowledgment may be published only with the reporter's consent.

Scope

Covered services

This policy covers the uzc.edu.pl public website, student and staff portal, public APIs, private document download flow and related services under the UZC domain.

SLA

Response times

Acknowledgment: 3 business days
Initial triage: 10 business days