Security

Report a vulnerability

SECURITY.md

Security Policy

This repository is maintained by ToppyMicroServices OÜ.

For the full coordinated disclosure policy, see: https://toppymicros.com/security-policy.html

Machine-readable policy: https://toppymicros.com/.well-known/security.txt

Scope

In scope:

Public assets under toppymicros.com
Public repositories maintained by ToppyMicroServices OÜ, including this repository

Out of scope (non-exhaustive):

Best-practice suggestions without a demonstrable exploit path
Self-XSS and browser or devtools-only issues
Volumetric denial of service

Reporting a Vulnerability

Please report vulnerabilities to: security@toppymicros.com

Use the subject line: [SECURITY] <short summary>

This mailbox is used for coordinated vulnerability disclosure.

Include:

Affected asset and vulnerability summary
Reproduction steps or proof of concept
Impact assessment
Optional remediation guidance

Response Targets

Acknowledgement target: within 5 business days
Remediation target: generally 30 days; complex issues may require up to 60 days

Safe Harbor

If you act in good faith and follow this policy, we will not pursue legal action for your research activities.

There aren’t any published security advisories