Select Page

Security Policy

 

Responsible Disclosure

I consider the security of my plugins a top priority. 

But no matter how much effort I put into security, there can still be vulnerabilities present.

If you discover a vulnerability, I would like to know about it so I can take steps to address it as quickly as possible. I would like to ask you to help me better protect my users and my systems.

 

Please do the following:

  • e-mail your findings to the address specified in this file. Encrypt your findings using my PGP key to prevent this critical information from falling into the wrong hands;
  • do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data;
  • do not reveal the problem to others until it has been resolved;
  • do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
  • do provide sufficient information to reproduce the problem, so I will be able to resolve it as quickly as possible.

What I promise:

  • I will respond to your report within 7 business days with my evaluation of the report and an expected resolution date;
  • if you have followed the instructions above, I will not take any legal action against you in regard to the report;
  • I will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission;
  • I will keep you informed of the progress towards resolving the problem;
  • in the public information concerning the problem reported, I will give your name as the discoverer of the problem (unless you desire otherwise).

I strive to resolve all problems as quickly as possible, and I would like to play an active role in the ultimate publication on the problem after it is resolved.

 

Based on a responsible disclosure clause by Floor Terra published with a CC:By 3.0 Unported license.