Reporting a Vulnerability

Please read this document fully prior to reporting any vulnerabilities.

TMHCC does not currently have a bug bounty program, but we welcome any credible reports from security researchers on vulnerabilities or issues found on our sites. If you have discovered an issue which you believe poses a security vulnerability, please email securitytxt@tmhcc.com including:

• The page or site where the vulnerability exists.
• A brief description of the class (e.g. "XSS vulnerability") of the vulnerability. Please avoid including any details which would allow reproduction of the issue at this stage. Detail will be requested after initial review of the report.

Additional Guidelines

Security Researchers should adhere to the following when interacting with our sites:

• Protect the privacy of users, employees, contractors, systems, etc. by ensuring any data retrieved is properly secured and not shared or redistributed.
• Do not access unnesessary amounts of data.
• Do not modify data on our systems.
• Do not introduce any disruptions to our sites/services.
• Securely delete any and all data retrieved during research as soon as possible.
• If any questions relating to the acceptability of actions being taken arise please reach out to securitytxt@tmhcc.com.