If you've found a security issue in HDE, you can submit your report to hope-security[@]unicef.org via email.

Please include as much information as possible in your report to better help us understand and resolve the issue:

• Where the security issue exists (ie. HDE Core, API subsystem, etc.)
• The type of issue (ex. SQL injection, cross-site scripting, missing authorization, etc.)
• Full paths or links to the source files where the security issue exists, if possible
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof of concept or exploit code, if available

If you need to encrypt sensitive information sent to us, please use our PGP key:

F72B F087 F3A9 4FE4 A305 CE44 9061 F6AC 06E4 0F32