We take the security of goSign code, software, and cloud platform very seriously. If you believe you have found a security vulnerability in goSign, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
Please report any issues, instead of posting a public issue in GitHub. Please include as much information as possible in your report to better help us understand and resolve the issue:
- Where the security issue exists (ie. goSign, infrastructure, etc.)
- The type of issue (ex. SQL injection, cross-site scripting, missing authorization, etc.)
- Full paths or links to the source files where the security issue exists, if possible
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof of concept or exploit code, if available