At Kodierung, we take security seriously. This document outlines the steps for reporting security vulnerabilities and our approach to handling security issues.
If you find a security vulnerability in Kodierung, please do not report it through public GitHub issues or discussions. Instead, follow the instructions below to privately report the issue:
- Email Contact: Send an email to contact-markevers@proton.me with the following information:
  - A clear description of the vulnerability.
  - Steps to reproduce or a proof of concept (if applicable).
  - Any other relevant information, such as severity or impact.
- Subject Line: Please include "SECURITY: Kodierung - [brief issue description]" in the subject line of the email, so that we can prioritize your report accordingly.
- Confidentiality: We will treat your report with confidentiality and work with you to address the issue as quickly as possible. We will not share the details of your report until a fix is implemented and deployed.
Once your report is received, we will follow this process:
- Acknowledgment: We will acknowledge receipt of the report within 48 hours.
- Assessment: We will assess the severity of the vulnerability and prioritize it based on the potential risk to users and the system.
- Fix and Testing: We will work to fix the issue and perform thorough testing to ensure no other security risks are introduced.
- Disclosure: After the fix is deployed, we will disclose the vulnerability responsibly, typically in the form of a GitHub security advisory.
We appreciate your cooperation in helping us keep Kodierung secure. If you have any further questions, please don't hesitate to contact us at contact-markevers@proton.me.