Vulnerability Disclosure and security.txt

Burzcast maintains a clear, professional process for responsible vulnerability disclosure. This statement outlines how security reports are received, reviewed, and handled, with clarity, restraint, and respect for legitimate research.


Burzcast maintains a documented and deliberate approach to vulnerability disclosure. The objective is simple: to provide a clear, reliable channel for responsible security research while protecting operational focus and reducing unnecessary noise.

For this purpose, a security.txt file is published at the standardized locations defined by RFC 9116, including /.well-known/security.txt. This file exists to guide legitimate researchers toward the correct disclosure path without ambiguity.

The file contains designated contact information and references to the applicable disclosure policy. It is maintained as a single source of truth and updated as required. No public bug bounty program is operated.
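To make concrete what such a file contains and how its contents can be checked against RFC 9116, here is a small parser and validator added for this page. It is example code, not Burzcast's published file or tooling; the `example.com` addresses, the dates and the fixed reference time are constructed placeholders. It checks the two mandatory fields (`Contact`, `Expires`), the single-occurrence rule, that contacts are URIs with web contacts served over https, and that the expiry is in the future and not more than a year out.

```python
"""Parse and sanity-check a security.txt file against RFC 9116.

Added example, not Burzcast's file or tooling. Sample contents below use
example.com placeholders and constructed dates.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# RFC 9116 section 3: primary location, plus the legacy top-level path.
WELL_KNOWN_PATH = "/.well-known/security.txt"
LEGACY_PATH = "/security.txt"

REQUIRED_FIELDS = {"contact", "expires"}          # section 2.5: mandatory
KNOWN_FIELDS = {                                  # fields the RFC defines
    "acknowledgments", "canonical", "contact", "csaf", "encryption",
    "expires", "hiring", "policy", "preferred-languages",
}
SINGLE_VALUED = {"expires", "preferred-languages"}  # must not repeat

# Constructed reference time so the checks below are reproducible.
FIXED_NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)


def candidate_urls(origin: str) -> list[str]:
    """Where a researcher or monitoring job would look, primary location first."""
    origin = origin.rstrip("/")
    return [origin + WELL_KNOWN_PATH, origin + LEGACY_PATH]


def parse_security_txt(text: str) -> dict[str, list[str]]:
    """Map lower-cased field names to their values; '#' lines are comments.

    Lines without a ':' separator are collected under the '_malformed' key.
    """
    fields: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            fields.setdefault("_malformed", []).append(line)
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def parse_expires(value: str) -> datetime | None:
    """Parse an RFC 3339 timestamp; None if malformed or missing its UTC offset."""
    v = value.strip()
    if v[-1:] in ("Z", "z"):          # fromisoformat() before 3.11 rejects 'Z'
        v = v[:-1] + "+00:00"
    try:
        parsed = datetime.fromisoformat(v)
    except ValueError:
        return None
    return parsed if parsed.tzinfo is not None else None


def validate_security_txt(text: str, now: datetime | None = None) -> list[str]:
    """Return a list of problems; an empty list means the file passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems: list[str] = []

    for line in fields.pop("_malformed", []):
        problems.append(f"unparseable line: {line!r}")
    for name in sorted(REQUIRED_FIELDS - set(fields)):
        problems.append(f"missing required field: {name}")
    for name in sorted(SINGLE_VALUED):
        if len(fields.get(name, [])) > 1:
            problems.append(f"field must not appear more than once: {name}")
    for name in sorted(set(fields) - KNOWN_FIELDS):
        problems.append(f"unknown field: {name}")

    # Contact values must be URIs; web URIs must use https.
    for value in fields.get("contact", []):
        scheme = urlparse(value).scheme.lower()
        if not scheme:
            problems.append(f"contact is not a URI: {value!r}")
        elif scheme == "http":
            problems.append(f"contact web URI must use https: {value!r}")

    # Expires must parse, lie in the future and (recommended) be < 1 year out.
    for value in fields.get("expires", [])[:1]:
        expires = parse_expires(value)
        if expires is None:
            problems.append(f"expires is not an RFC 3339 timestamp: {value!r}")
        elif expires <= now:
            problems.append(f"expires is in the past: {value}")
        elif expires - now > timedelta(days=365):
            problems.append(f"expires is more than a year ahead: {value}")
    return problems


GOOD_SAMPLE = """\
# Constructed sample for this example; not a real published file.
Contact: mailto:security@example.com
Contact: https://example.com/security-contact
Expires: 2026-06-30T00:00:00Z
Policy: https://example.com/disclosure-policy
Canonical: https://example.com/.well-known/security.txt
Preferred-Languages: en
"""

BAD_SAMPLE = """\
Contact: security@example.com
Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
Bounty: none
"""

if __name__ == "__main__":
    print("locations:", candidate_urls("https://example.com"))
    for label, sample in (("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE)):
        print(label, validate_security_txt(sample, now=FIXED_NOW) or ["ok"])
```

Run as a script it reports no findings for the first sample and four for the second (a bare e-mail address instead of a `mailto:` URI, an `http://` contact, a past expiry and an undefined field). Passing `now` explicitly keeps the expiry check deterministic; in production, call it without `now` so the clock is real, and schedule it so an expired file is noticed before researchers do.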

Security reports are reviewed on their technical merit. Submissions that demonstrate a verifiable vulnerability, accompanied by clear reproduction steps and evidence, are evaluated promptly and professionally. Reports lacking substance or attempting to solicit compensation without demonstrated impact are not pursued.

This approach is intentional. Excessive solicitation and speculative reporting undermine the integrity of responsible disclosure and divert attention from meaningful security work. Clear expectations protect both researchers acting in good faith and the systems they engage with.

Where a valid issue is identified, appropriate remediation is undertaken. Communication remains factual, measured, and focused on resolution. Recognition, when offered, is discreet and proportionate.

Security is treated as an operational discipline rather than a marketing exercise. The presence of a security.txt file reflects that position: quiet, explicit, and sufficient.