KuronekoServer Vulnerability Reporting Program
The KuronekoServer Vulnerability Reporting Program (the “Program”) is intended for users who discover vulnerabilities in any services provided by the KuronekoServer Operations Team (the “Operations Team”) to report those vulnerabilities to the Operations Team.
By encouraging responsible reporting, we aim to improve the safety and reliability of KuronekoServer’s services.

Please share vulnerability information with us
To provide services that everyone can use safely, we have set up an email address for receiving vulnerability reports from security assessment services (e.g., Value Domain Net de Diagnosis, GMO Cyber Attack Net de Diagnosis) and security researchers.
All submitted reports will be investigated and handled by our Infrastructure or Development teams.
As long as you follow the conditions below, we will not pursue legal action against security researchers.

About bug bounties
We do not currently offer a bug bounty program.

How to report
If you suspect a vulnerability or discover a security issue that should be reported, please email security@krnk.org.
To send sensitive information securely, you can use PGP encryption. Download our PGP public key here.

The following actions are prohibited, even for vulnerability verification
(1) DoS/DDoS attacks or any behavior that disrupts other users or organizations.
(2) Tampering with or deleting data, or unauthorized access to other users’ accounts.
(3) Actions that interfere with service operations.
(4) Actions that compromise the security of our services.
(5) Unauthorized collection, use, or disclosure of user information.
(6) Any other actions that violate laws or regulations.
(7) Any other actions deemed inappropriate by the Operations Team.

Last updated: 2025/06/23