Skip to content
GreySurface

Received a report from GreySurface?

Use this page to verify the sender, understand what to expect, and route the report safely.

Verify the sender

The safest way to verify an email is to start a new message using the contact address published on this website rather than relying only on the reply address in the message you received.

I do not provide a public report lookup because it could reveal or allow enumeration of private disclosure references.

Display name
Nick | GreySurface
Official email
nick@greysurface.co.uk
Website
https://www.greysurface.co.uk
Report reference
A message may include a GreySurface reference beginning with GS

What a genuine report from me will do

  • Identify the affected product and security boundary
  • Explain the observed impact
  • State how testing was limited
  • Provide enough information for technical triage
  • Redact unnecessary third-party information
  • Offer secure transfer of sensitive evidence
  • Offer clarification and fix validation

What it will never require

  • Payment before receiving the report
  • Payment before receiving reproduction details
  • Immediate transfer to an unfamiliar payment address
  • Passwords, access tokens, API keys, or production credentials
  • Running an executable, macro, or unknown archive
  • Payment in exchange for silence
  • A publication or regulatory threat tied to payment
  • Wide internal distribution of third-party personal data

What to do next

01

Acknowledge receipt

A brief reply lets me know the message has reached a human.

02

Route it confidentially

Send it to the application security, product security, engineering, or incident-response owner.

03

Provide a secure channel

Where raw evidence is needed, provide the company's preferred secure reporting route.

04

Confirm validation

Let me know whether the issue has been reproduced and whether more information is needed.

Are reports conditional on payment?

No. I supply reports without a fee or payment condition.

If your team validates a useful finding and chooses to recognise the research and write-up with a discretionary goodwill contribution, that choice does not affect access to evidence, remediation support, publication decisions, or fix validation.

Still unsure whether the message is genuine?

Start a new email using the address published below and include the report reference from the message you received.

Contact me