
Security: OxideOrg/discussions


SECURITY.md

Oxide Security Policy

At Oxide, we take security seriously. We are committed to the safety and integrity of our tools and of the developer community that relies on them. If you discover a security vulnerability in one of our projects, please report it to us as soon as possible using the process below.

We recommend that users stay up to date with the latest versions to ensure they have the most secure experience.


Reporting a Vulnerability

If you believe you have found a security vulnerability in one of our projects, please help us responsibly disclose it by following these steps:

  1. Do not disclose the vulnerability publicly.
  2. Report the issue by sending an email to our security team at org.oxide@gmail.com with the following information:
    • A description of the vulnerability.
    • Steps to reproduce the issue.
    • Potential impact and risks associated with the vulnerability.
    • Any potential fixes or suggestions (if applicable).

We will investigate every legitimate report and do our best to respond to your submission promptly, typically within 48 hours.


Our Response

Upon receiving a security report, we will:

  1. Acknowledge receipt of your report within 48 hours.
  2. Investigate the issue and determine its severity.
  3. Work with you to understand the scope of the issue and validate the problem.
  4. Develop and release a fix as quickly as possible and, where warranted, publish a security advisory.
  5. Keep you informed throughout the process and credit you for the discovery if you wish.

Security Best Practices

While we work to keep our tools secure, we also recommend that users follow these practices to further reduce their risk:

  • Always keep your tools and dependencies up to date.
  • Regularly audit your own systems and environments for potential vulnerabilities.
  • Use strong authentication (for example, multi-factor authentication) when accessing sensitive systems.

Thank you for helping keep Oxide and our community secure!
