SECURITY.md

Security Vulnerability Reporting Policy

Introduction

We are committed to maintaining the security of our systems and protecting user data. If you believe you have found a security vulnerability in any of our products or services, we encourage you to let us know right away. We welcome security concerns from all users, researchers, and the broader security community.

How to Report a Security Vulnerability

To ensure a quick and effective response, please follow this process for reporting security vulnerabilities:

  1. Contact Us Directly:

    • Email your findings to me@federicociro.com. Encrypt your message using our PGP key to ensure that it remains confidential. The PGP key is available in the Ubuntu Keyserver directory.
    • Provide as much information as possible about the vulnerability, including:
      • The product or service affected.
      • A detailed description of the vulnerability.
      • The potential impact of the vulnerability.
      • Any steps required to reproduce the vulnerability (if applicable).
  2. Do Not Disclose Publicly:

    • Please do not disclose the vulnerability to the public or third parties before it has been resolved. We need time to investigate and remediate any issues to protect our users.
  3. Timing:

    • We aim to acknowledge receipt of your report within 48 hours.
    • We will provide a detailed response within one week to explain the next steps.

Our Commitment

Upon receiving your communication, we pledge to:

  • Promptly acknowledge receipt of your report.
  • Review your submission and work with you to understand the impact of the vulnerability.
  • Address the issue in a timely manner, prioritizing critical issues as necessary.
  • Keep you informed throughout the resolution process.
  • Recognize your efforts in our public communications about the vulnerability, after it has been resolved, if you provide your consent to be acknowledged.

Legal Considerations

We ask that any activities conducted to find vulnerabilities are done in a responsible manner. Do not engage in any of the following:

  • Accessing or modifying user data without permission.
  • Disrupting or degrading our services.
  • Initiating fraudulent transactions.

We support responsible security research, and we commit to not taking legal action against you provided that you adhere to this policy. This includes refraining from filing a DMCA request or bringing legal claims against you for circumventing the technological measures we have in place to protect our applications.

Thank you for helping keep our users and services safe.