Skip to content

Security: LeakyAbstractions/result-bom

SECURITY.md

Security Policy

We take the security of our software libraries seriously, which includes all source code repositories managed through our GitHub organization.

If you believe you have found a security vulnerability, please report it to us as described below.

Please note that as a non-commercial, Open Source project we are not able to pay bounties at the moment.

Reporting a Vulnerability

Important

Please do not report security vulnerabilities through public GitHub issues.

Instead, please click "Report a vulnerability" button to open an advisory on GitHub, or send an email to security@guillermo.dev.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue.

  • Type of issue.
  • Full paths of related source files.
  • Location of the affected source code (repo, branch or commit).
  • Any special configuration required to reproduce the issue.
  • Step-by-step instructions to reproduce the issue.
  • Impact of the issue, including how an attacker might exploit it.
  • Proof-of-concept or exploit code (if possible).

This information will help us triage your report more quickly.

Vulnerability Process

  1. Acknowledgement

    • 🛎️ We will acknowledge your report as soon as possible.
  2. Investigation

    • 🕵️ We will research and update the issue with relevant information.
  3. Confirmation

    • 🐛 Once the vulnerability can be confirmed, we will take immediate action.
    • 🗑️ Otherwise, we will close the security advisory and no further action will be taken.
  4. Fix

    • 🚧 We will work on a fix privately.
    • 🤫 In the meantime, please keep the issue confidential.
  5. Release

    • 📦 We will release new versions of all affected libraries.
  6. Disclosure

    • 📢 Finally, we will publish the security advisory, disclosing the vulnerability and the possible exploits.

Thanks for helping make our software safe for everyone!

There aren’t any published security advisories