Security Policy
Responsible Disclosure
I consider the security of my plugins a top priority.
But no matter how much effort I put into security, there can still be vulnerabilities present.
If you discover a vulnerability, I would like to know about it so I can take steps to address it as quickly as possible. I would like to ask you to help me better protect my users and my systems.
Please do the following:
- e-mail your findings to the address specified in this file. Encrypt your findings using my PGP key to prevent this critical information from falling into the wrong hands;
- do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data;
- do not reveal the problem to others until it has been resolved;
- do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
- do provide sufficient information to reproduce the problem, so I will be able to resolve it as quickly as possible.
What I promise:
- I will respond to your report within 7 business days with my evaluation of the report and an expected resolution date;
- if you have followed the instructions above, I will not take any legal action against you in regard to the report;
- I will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission;
- I will keep you informed of the progress towards resolving the problem;
- in the public information concerning the problem reported, I will give your name as the discoverer of the problem (unless you desire otherwise).
I strive to resolve all problems as quickly as possible, and I would like to play an active role in the eventual publication about the problem after it is resolved.
Based on a responsible disclosure clause by Floor Terra, published under a CC BY 3.0 Unported license.