Security policy
Report security issues privately.
This page gives recruiters, clients, and security researchers a clear vulnerability-reporting path for Meidie's public portfolio without implying enterprise SOC, compliance, or bug bounty coverage.
Contact: [email protected]
Suggested subject: [Security] report: Meidie security portfolio
Scope
In scope:
- The static portfolio site at meidie.mdpstudio.com.au.
- Public assets published from this repository, including the downloadable resume PDF.
- Public project links shown from the portfolio when the linked project is owned by Meidie Fei or MDP Studio.
Out of scope:
- Third-party platforms such as GitHub, Netlify, Cloudflare, Buy Me a Coffee, and LinkedIn.
- Client-private systems, private MDP Studio infrastructure, private repositories, email accounts, or payment accounts.
- Social engineering, phishing, physical attacks, spam, denial of service, credential stuffing, or attempts to access private data.
What to include
- Affected URL, repository, or artifact.
- Minimal reproduction steps and expected impact.
- Relevant screenshots or logs with secrets removed.
- Whether you believe any data was accessed or changed.
Safe testing
- Use your own browser session and test data.
- Keep proof of concept steps minimal and reversible.
- Stop and report immediately if you encounter private data, credentials, or account boundaries.
- Do not run high-volume automated scans against the portfolio or linked demos.
Artifact integrity and signing
Resume PDF: assets/Meidie_Fei_Cyber_Security_Resume.pdf
SHA-256: 19BEBF8AA951A5702BB9D80D0B47B63592C57D420CF525F1FD99EADAF6A48F07
Machine-readable manifest: artifact-manifest.json
RMM Hunter releases: github.com/MDP-Studio/rmm-hunter/releases
Current public Windows builds are treated as unsigned beta artifacts unless a release page says otherwise.
When future artifacts are code-signed, checksum-published, or detached-signature-published, the portfolio should link to the relevant GitHub release, checksum, signing identity, and verification steps from this policy.
Security claims boundary
The portfolio demonstrates practical security engineering, documentation, and deployment habits. It does not claim SOC 2, ISO 27001, PCI DSS, formal penetration-test attestation, or continuous monitoring coverage unless a separate project page provides verified evidence.