NRK security team:
For allowing us to use their text
When working with us according to this policy, you can expect us to:
Any service on our domains *.elogit.no, but not services that are hosted by third parties. Examples of 3rd party services may include, but are not limited to, Compendia Medlem, office365 and Azure.
Additionally, security issues in WordPress core software should be directed towards them directly unless the issue is with ou local implementation.
If you have any questions about the scope, please contact us at email@example.com.
When reporting vulnerabilities, please consider (1) attack scenario/exploitability, and (2) the security impact of the bug.
The following issues are considered out of scope:
We do not offer money or swag as rewards, but we will give you a place in our Security Hall of Fame
To encourage vulnerability research and to avoid any confusion between legitimate research and malicious attack, we ask that you attempt, in good faith, to:
When conducting vulnerability research according to this policy, we consider this research conducted under this policy to be:
You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our official channels before going any further.