At IOST - Initiative for Open Source Technology, we are committed to ensuring the security and privacy of our community members and the codebase. If you discover a security vulnerability, we appreciate your responsible disclosure. 🚨
If you believe you've found a security vulnerability in this repository, please follow these steps to report it to us:
- Do not open an issue or pull request: Do not disclose the vulnerability publicly. ⚠️
- Contact us directly: Please email us at iost.ascol@gmail.com with the details of the vulnerability. Include the following information:
  - A description of the issue. 🛠️
  - Steps to reproduce the issue. 🔍
  - Affected versions and components, if applicable. 📅
  - Any additional information or context. 🗨️
We accept and encourage reports on the following types of vulnerabilities:
- Cross-Site Scripting (XSS) 🧩
- SQL Injection 💻
- Command Injection 🛑
- Remote Code Execution (RCE) 🌐
- Authentication Issues 🔑
- Data Exposure 📊
- We will acknowledge receipt of your report within 48 hours. 📩
- We will triage the vulnerability and work on a fix, providing updates as needed. 🔄
- Once a fix is available, we will issue a patch and update the relevant documentation. 📝
- We will credit you for finding the issue if you wish to be credited. 🙏
Once the issue is resolved, we will coordinate with you to disclose the vulnerability safely, allowing users to update their systems before the vulnerability is publicly announced. 🚀
In addition to reporting security issues, we encourage all contributors to follow security best practices when contributing to this project, including:
- Avoid storing sensitive information in the repository (e.g., API keys, passwords). 🔑
- Review code for security issues before submitting pull requests. ✅
- Follow secure coding standards to prevent vulnerabilities. 🧑‍💻
We appreciate your help in keeping the project secure for everyone. Your responsible disclosure helps improve the security of the community and fosters a safe environment for developers. 💡