Responsible Disclosure

How to report a security issue

Email security findings to mathieu@cloudcostchefs.com with the subject line “Security Report - CloudCostChefs”.

Please include enough detail to reproduce and validate the issue quickly.

• Affected URL or page(s)
• Steps to reproduce
• Expected behavior vs. observed behavior
• Impact and attack scenario
• Screenshots, logs, or proof-of-concept details (if safe to share)

Responsible testing expectations

• Avoid actions that degrade availability, spam users, or create excessive traffic.
• Do not access, modify, or exfiltrate data that is not your own.
• Do not attempt social engineering, phishing, or physical attacks.
• Do not publicly disclose the issue until CloudCostChefs has had a reasonable chance to investigate and respond.
• Stop testing immediately if you encounter sensitive data and report the issue.

Scope

This process covers the CloudCostChefs website and its hosted web features. Third-party services linked from the site (for example GitHub, podcast platforms, and cloud provider portals) are out of scope and should be reported directly to those providers.

Issues in downloadable scripts or repositories can still be reported here when the content is distributed or referenced by CloudCostChefs.

What to expect from us

• Acknowledgement of receipt (typically within a few business days)
• Follow-up questions if reproduction details are incomplete
• Assessment and remediation planning based on severity and impact
• Status updates when a fix is available or a mitigation is documented

Bug bounty / compensation

CloudCostChefs does not currently run a public bug bounty program and cannot promise compensation for submitted reports.

High-quality, responsible reports are still appreciated and help improve the safety of the site and tools.