Role​

PunchCard Labs maintains a public interface for disclosure policy, advisory publication, sanitized reports, local-first tooling, aggregate data, and documentation that can be cited without exposing sensitive research process.

Boundary Model​

The public site is intentionally narrow. It does not authorize testing, collect sensitive vulnerability reports through a form, host exploit material, or process private evidence server-side.

Publication Posture​

Public material should be precise, durable, and restrained. The intended audience includes vendors, researchers, reviewers, and technically literate readers who need clear policy and stable references.

Public Surface​

The public surface is designed to be stable and small. Policy, contact, advisories, reports, tools, data, and examples are separated so each page has a clear purpose. This reduces the chance that a reader treats a template as a report, an example as evidence, or a coordination note as authorization.