Skip to content

Security: nyhtml/GHOST

Security

SECURITY.md

Responsible Security Disclosure Policy

We value the security of our systems, services, and users. If you discover a security vulnerability in any Sipylus product, service, or infrastructure, we encourage you to report it to us responsibly.

How to Report

  • Contact: Email
  • Encryption: Use our public PGP key
  • Preferred language: English

What to Include

Please provide as much detail as possible, including:

  • The affected product, service, or domain
  • Steps to reproduce the vulnerability
  • Any potential impact you foresee
  • Your preferred contact method (optional if you wish to remain anonymous)

What You Can Expect

  • We will acknowledge receipt of your report within 72 hours.
  • We will keep you informed of our remediation progress.
  • We will credit you on our Acknowledgments page if you wish.
  • We will not take legal action against researchers who report issues in good faith, following this policy.

Scope

This policy applies to all Sipylus-owned domains, services, and infrastructure unless explicitly excluded. If you are unsure whether a system is in scope, please ask first.

Out of Scope

  • Denial-of-service (DoS) or spam-related issues without a demonstrable security impact
  • Social engineering attacks against Sipylus employees, contractors, or users
  • Physical attacks on Sipylus offices or data centers

Our Commitment

We are committed to fixing verified vulnerabilities in a timely manner and improving the security of our products and services. This policy reflects our dedication to collaboration with the security community.

There aren't any published security advisories