If you believe you have found a security vulnerability in any repository owned by RoseSecurity, please let me know straight away. I will investigate all legitimate reports and do my best to quickly fix the problem.
To help me better understand the nature and scope of the issue, please include as much of the following information as possible in your report:
- Description of the vulnerability and its potential impact.
- Step-by-step instructions to reproduce the issue.
- Affected versions and configurations.
- Any possible mitigations or workarounds that you have identified.
Note
Bug Bounties
RoseSecurity does not provide bug bounties for vulnerability disclosures.
As an open-source contributor, I release projects for free under a permissive license, encouraging community contributions.
After you submit a report, I will:
- Respond to your report within 48 hours to acknowledge receipt.
- Provide an estimated time frame for addressing the vulnerability.
- Notify you when the issue is resolved.