At IOST - Initiative for Open Source Technology, we are committed to ensuring the security and privacy of our community members and the codebase. If you discover a security vulnerability, we appreciate your responsible disclosure.
If you believe you've found a security vulnerability in this repository, please follow these steps to report it to us:
- Do not open an issue or pull request: Do not disclose the vulnerability publicly.
- Contact us directly: Please email us at iost.ascol@gmail.com with the details of the vulnerability. Include the following information:
  - A description of the issue.
  - Steps to reproduce the issue.
  - Affected versions and components, if applicable.
  - Any additional information or context.
We accept and encourage reports on the following types of vulnerabilities:
- Cross-Site Scripting (XSS)
- SQL Injection
- Command Injection
- Remote Code Execution (RCE)
- Authentication Issues
- Data Exposure
- We will acknowledge receipt of your report within 48 hours.
- We will triage the vulnerability and work on a fix, providing updates as needed.
- Once a fix is available, we will issue a patch and update the relevant documentation.
- We will credit you for finding the issue if you wish to be credited.
Once the issue is resolved, we will coordinate with you to disclose the vulnerability safely, allowing users to update their systems before the vulnerability is publicly announced.
In addition to reporting security issues, we encourage all contributors to follow security best practices when contributing to this project, including:
- Avoid storing sensitive information in the repository (e.g., API keys, passwords).
- Review code for security issues before submitting pull requests.
- Follow secure coding standards to prevent vulnerabilities.
We appreciate your help in keeping the project secure for everyone. Your responsible disclosure helps improve the security of the community and fosters a safe environment for developers.