I take security issues seriously. I appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
To report a security vulnerability, please email me directly at [email protected].
I ask that you provide the following information when reporting a security issue:
- Description of the vulnerability
- Steps to reproduce the vulnerability
- Impact of the vulnerability
- Any potential mitigations or workarounds
I will acknowledge receipt of your report within 24 hours and will strive to keep you informed throughout the resolution process.
Upon receiving a vulnerability report, I will assess the issue's severity and impact. I will prioritize the vulnerability based on its severity and the risk it poses to the users.
Once I have validated and reproduced the vulnerability, I will develop and test a fix. Depending on the severity of the issue, I may release a patch as soon as possible or coordinate with regular releases.
If you are interested in receiving credit for your discovery, please let me know when you submit your report. I am happy to acknowledge your contribution publicly, with your consent.
While I strive to maintain a secure codebase, users can also take steps to enhance their security:
- Use Strong Passwords: Use unique, complex passwords for their accounts.
- Keep Software Updated: Regularly update PassmanTRS to get the newest security updates.
By working together, we can create a safer environment for all PassmanTRS users.