The security policy outlined below applies to version 0.1.0 of the project.

| Version | Supported |
|---|---|
| 0.1.0 | ✅ |

If you discover a security vulnerability in this project, we appreciate your responsible disclosure. By working together, we can address the issue promptly and ensure the security of our users' data.
To report a vulnerability, please follow these steps:
- Email: Send an email to our security team at [email protected].
- Subject: Use a clear and descriptive subject line, such as "Security Vulnerability Report - [Scribbly]."
- Description: Provide a detailed description of the vulnerability, including the steps to reproduce it and any relevant information that can help us understand and address the issue.
- Attach Proof of Concept: If possible, provide a proof-of-concept or sample code that demonstrates the vulnerability. However, please refrain from performing any destructive actions or violating any privacy or security laws during your research.
- Encryption (Optional): If you prefer to encrypt your communication, please use our public PGP key, which can be found on our website or on public key servers.
- Responsiveness: We strive to respond to vulnerability reports promptly. You can expect an initial response acknowledging your report within [specify time frame, e.g., 48 hours].
- Investigation and Disclosure: Our security team will investigate the reported vulnerability and assess its impact on our system. We will keep you informed of our progress and any necessary actions.
- Responsible Disclosure: We kindly request that you do not disclose the vulnerability publicly until we have addressed it and provided an official announcement. We will work together with you to determine an appropriate timeline for disclosure, considering the severity and complexity of the vulnerability.
We value the contributions of security researchers and the broader community in improving the security of our project. As a token of our appreciation, we may acknowledge your contribution publicly, upon mutual agreement.
Thank you for your commitment to keeping our project secure!
Note: This security policy is subject to change without notice.