Last modified on August 18, 2025.
HOPE FOUNDATION is committed to maintaining the security of our systems and data. If you believe you have identified a potential security vulnerability, please share it with us by following the submission guidelines below.
Thank you in advance for your submission. We appreciate researchers assisting us in our security efforts.
For purposes of this program, “HOPE FOUNDATION” refers to HOPE FOUNDATION and its agents, affiliates and subsidiaries, including but not limited to timodea.com.au and ai1agency.com.
Vulnerability Disclosure Program Guidelines
Researchers shall disclose potential vulnerabilities in accordance with the following guidelines:
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
- Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not engage in any activity that can potentially cause harm to HOPE FOUNDATION, our attendees, users, or our employees.
- Once a vulnerability has been discovered, stop all related activity, and notify us immediately.
- Provide HOPE FOUNDATION reasonable time to fix any reported issue before making any information public.
Prohibited Actions
Security researchers are expected to act responsibly and cause no harm. The following actions are outside of the scope of this program and are strictly prohibited:
- Phishing
- Social engineering
- Denial-of-service attacks
- Resource exhaustion attacks
- Any violation of HOPE FOUNDATION Privacy Policy
- Testing of any third-party services
- Use of any vulnerability to exfiltrate data, gain persistent command-line access or facilitate lateral movement within our systems
In-Scope Assets
- *.HOPE FOUNDATION
- *.hopefoundation.tv
- *.hopeaustralia.org
- *.hopeaustralia.com.au
- *.internationaloutreachnetwork.org
- *.timodea.com.au
- *.ai1agency.com
- *.ai1.com.au
Out-of-Scope Vulnerabilities
The following vulnerabilities are out of scope and should not be submitted:
- Theoretical vulnerabilities
- WordPress Username Enumeration
- Information related to server status
- Enumeration of directories, files, or assets
- Findings related to password strength
- Login/Logout/Unauthenticated/Low-impact CSRF
- Self-exploitation
- Any service or libraries not directly hosted or controlled by HOPE FOUNDATION
- Valid bugs or best-practice issues that are not directly related to the security posture of HOPE FOUNDATION
Submission Instructions
When reporting a potential vulnerability, please include a detailed summary, including the target, steps, tools, and artefacts used during the discovery. Submit your findings to info@hopefoundation.tv.
As a not-for-profit, HOPE FOUNDATION does not operate a public bug bounty program, and we make no offer of reward or compensation in exchange for submitting potential issues. Recognition as “Public Acknowledgments” will be given for vulnerability reports not currently known by us.
Disclaimers
Any good-faith activities conducted consistent with this program will be considered authorised conduct, and we will not initiate legal action against you. HOPE FOUNDATION reserves the right to change or cancel this program at any time.
Security Research Honours
HOPE FOUNDATION is dedicated to protecting our users and upholding our commitment to excellence. Partnering with Security Researchers is just one way we help keep our users safe, and we’d like to thank those who’ve contributed to our Vulnerability Disclosure Program.