Skip to content

Security: brontoio/.github

Security

SECURITY.md

Security Policy

Brontobytes, Inc. ("Bronto") takes the security of our software and our users seriously. We appreciate your efforts to responsibly disclose your findings.

Supported Versions

This project is maintained on a rolling basis. Security fixes are applied to the latest released version on the default branch. We recommend always running the most recent release.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.

Instead, report them in one of the following ways:

Please include as much of the following as you can:

  • The type of issue (e.g. injection, authentication bypass, information disclosure)
  • Affected version(s), file path(s), and/or component(s)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code, if available
  • The potential impact, including how an attacker might exploit it

What to Expect

  • We will acknowledge receipt of your report within 3 business days.
  • We will provide an assessment and expected timeline within 10 business days.
  • We will keep you informed of progress toward a fix and full disclosure.
  • We will credit you for the discovery once the issue is resolved, unless you prefer to remain anonymous.

We ask that you give us a reasonable amount of time to address the issue before any public disclosure, and that you make a good-faith effort to avoid privacy violations, data destruction, and service interruption during your research.

Thank you for helping keep Bronto and our users safe.

There aren't any published security advisories