Skip to content

Security: fasakinhenry/Ideatracker

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you have discovered a potential security issue or vulnerability in any of my projects, backend systems, or services I use, please follow these steps:

  1. Do not disclose the vulnerability publicly.
  2. Do not create a public GitHub issue, pull request, or discussion about the vulnerability.
  3. Email me directly at fasakinhenry@gmail.com with the subject line "Security Vulnerability Report".

An engineer from my team will be in touch with you as soon as possible.

What to Include in Your Report

Your report should include:

  • A clear description of the issue, including steps to reproduce it.
  • Any details you think would help understand the potential impact of the vulnerability.
  • Information about your system, the software you are using (such as Chrome, Firefox, Safari, etc.), and how you discovered the vulnerability.
  • If possible, encrypt your message with my PGP key (available upon request).

What to Expect After Reporting a Vulnerability

Once submitted, your report will be reviewed promptly. We will then work with you to understand more about the issue and, if verified, make all efforts to address the vulnerability promptly.

Response Time

I will make my best effort to respond to your report within 48 hours and will strive to keep you informed about the progress towards a fix and full announcement.

Disclosure Policy

When I receive a security bug report, I will:

  1. Confirm the problem and determine the affected versions.
  2. Audit code to find any potential similar problems.
  3. Prepare fixes for all still-maintained releases.
  4. Release new versions and update the public repository.

Bug Bounty Program

While I don't currently offer a formal bug bounty program, I deeply appreciate your efforts in keeping our community, users, and products safe. Rewards for significant vulnerabilities may be issued on a case-by-case basis at my discretion.

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request or contact me directly.

Thank you for your support in responsibly disclosing any issues and helping to make my projects more secure.

There aren’t any published security advisories