Security: RoseSecurity/Kuzco

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you have found a security vulnerability in any repository owned by RoseSecurity, please let me know straight away. I will investigate all legitimate reports and do my best to quickly fix the problem.

What to Include in Your Report

To help me better understand the nature and scope of the issue, please include as much of the following information as possible in your report:

  • Description of the vulnerability and its potential impact.
  • Step-by-step instructions to reproduce the issue.
  • Affected versions and configurations.
  • Any possible mitigations or workarounds that you have identified.

What to Expect

Note: Bug Bounties

RoseSecurity does not provide bug bounties for vulnerability disclosures.

As an open-source contributor, I release projects for free under a permissive license, encouraging community contributions.

After you submit a report, I will:

  • Respond to your report within 48 hours to acknowledge receipt.
  • Provide an estimated time frame for addressing the vulnerability.
  • Notify you when the issue is resolved.

There aren’t any published security advisories