Security / Vulnerability Disclosure (VDP)

Blast Audit (NEXT BP) welcomes responsible disclosure of security vulnerabilities.

Report a vulnerability

Preferred: Submit a report using this form:

• https://forms.gle/Zo5TLNdyip75gSB2A

Backup contact:

• Email: security [at] blast-audit.com

Please include:

• A clear description
• Steps to reproduce
• Affected URL(s)/endpoint(s)
• Impact assessment
• Proof-of-concept (text or link)

Scope

In scope:

• blast-audit.com and relevant subdomains (e.g., app / api)
• Any other public web assets owned and operated by Blast Audit

Out of scope:

• DoS/DDoS, load/stress testing
• Social engineering (phishing/vishing), physical attacks, threats/extortion
• Automated scanning that disrupts availability
• Issues in third-party services not controlled by Blast Audit

Safe Harbor

We support good-faith security research.
If you avoid data access beyond what is necessary, do not disrupt services, test only in-scope assets, and report promptly, we will not pursue legal action against you for your research.

Response targets

• Acknowledgement: within 72 hours
• Initial triage: within 7 days

No bounty

This is a vulnerability disclosure program. We do not currently offer monetary rewards.

Last updated: 2026-02-15