Security & Vulnerability Disclosure Policy

Security

We’re working hard to make sure that our software is secure. If you find any vulnerability due to our implementation or infrastructure configuration, please let us know ASAP. If a vulnerability is due to a current release of a software library, please let the respective project know (of course, we’d like to know too – tools to track and manage CVEs only go so far!).

Vulnerability Disclosure Policy

Please send us an email at [email protected] with details. Feel free to do so from an anonymous account. Provide as many details as you can, in particular the information required to reproduce the bug or vulnerability and a likely fix, if readily identifiable. If you have shared permanent contact information, we will get back to you within 48 hours or when we have reproduced the bug, whichever is sooner. We do not currently have a PGP key set up; however, this is something we expect to set up in the near future.

Acknowledgments

If you would like to be listed in our Security Acknowledgements for your security disclosure, let us know the details of how you would like to be listed when you submit your disclosure (e.g. name, handle, portfolio site, or any other relevant details).