Latest news 2024-12-13: Ebook sale (12th December 2024 – 1st January 2025): cybercrime fiction short stories Unsocial Media and Smile for the Camera free; crime fiction short story The Briefcase free; short story noir crime fiction I’ve Heard the Mermaid Sing free; crime fiction novel The Private Enemy US$1.99; illustrated children’s story The Foolish Hedgehog US$0.99.

Vulnerability Disclosure Policy

Introduction

Dickimaw Books is a sole-trader business run by indie author Nicola Talbot.

This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to Dickimaw Books (the “Organisation”). We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it.

We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.

Reporting

If you believe you have found a security vulnerability, please submit your report to us using the security email address as described in the site’s security page.

In your report please include details of:

What to Expect

After you have submitted your report, we aim to respond to your report within 5 working days and aim to triage your report within 10 working days. We’ll also aim to keep you informed of our progress.

Priority for remediation is assessed by looking at the impact, severity and exploit complexity. Vulnerability reports might take some time to triage or address. You are welcome to enquire on the status but should avoid doing so more than once every 14 days. This allows us to focus on the remediation.

We will notify you when the reported vulnerability is remediated, and you may be invited to confirm that the solution covers the vulnerability adequately.

Once your vulnerability has been resolved, we welcome requests to disclose your report. We’d like to unify guidance to affected users, so please do continue to coordinate public release with us.

Guidance

You must NOT:

You must:

Legalities

This policy is designed to be compatible with common vulnerability disclosure good practice. It does not give you permission to act in any manner that is inconsistent with the law, or which might cause the Organisation or partner organisations to be in breach of any legal obligations.