Vulnerability disclosure

How to report security issues for rtapulse.com, and what to expect in return.

Report a security issue

Email: grcguy@rtapulse.com

  • Include the affected URL, steps to reproduce, and what you believe the impact is.
  • If you have a safe proof-of-concept, keep it minimal (no sensitive data; no customer data).
  • If you want a reply, include your preferred contact details in the email.

This is a personal site. Response is best-effort and depends on availability.

Scope

  • In scope: rtapulse.com content and configuration that I control.
  • Out of scope: third-party services and platforms (for example, GitHub, Cloudflare, or linked external sites).

Please don’t

  • Run denial-of-service tests or automated scanning at scale.
  • Attempt to access or exfiltrate any data that isn’t yours.
  • Social engineer or phish anyone associated with the site.

Safe reporting

If you act in good faith and follow the guidelines above, I won’t pursue action for your security research. If you’re unsure whether an approach is acceptable, ask first via email.

security.txt

Security contact is also published at /.well-known/security.txt.

What ऋतPulse means

rtapulse.com (ऋतPulse) combines ऋत (ṛta / ṛtá)—order, rule, truth, rightness—with Pulse (a living signal of health). It reflects how I think GRC should work: not a quarterly scramble, but a steady rhythm—detect drift early, keep evidence ready, and translate risk into decisions leaders can act on.