At Cryb we believe in transparency, but to ensure everyone's safety and to handle issues properly, we have a set of procedures for reporting security vulnerabilities in the project.
We handle discovered security vulnerabilities through responsible disclosure, following these procedures:
- The report is sent to the team and handled confidentially.
- Confirm the problem and determine the affected versions.
- Identify any similar problems, and fix all the issues found.
- Release a security fix update, after ensuring everything's right.
- Make an emergency Security issue, with an announcement encouraging people to update as soon as possible.
- Document the issues found and the steps that were provided in the report.
If you find a security vulnerability, please send your report to [email protected]. Preferably, use PGP encryption with this PGP key (public key 8060B288C274219D).
Please include all steps to reproduce the issue in your report and, if possible, any hints that can help us identify it.
These procedures and this policy are open to further revision and suggestions.
Please open an issue and/or Pull Request on @cryb/library and it will be reviewed by our team.