Due to the nature of our work, maintaining a secure platform must be a high priority. This security policy is the first step to working toward that goal.
The primary objective is to develop and operate the platform in compliance with OWASP best practices, beginning with the OWASP Top Ten.
There are no releases at this time, but when there are we will list which are actively supported for security updates.
Vulnerability reports can be submitted in our GitHub repository, under the Security tab. If the vulnerability report is accepted, a notification of the vulnerability will be issued and regular updates will be provided using confidential channels until a fix is produced. If it is initially declined, we may request additional information to identify and reproduce the reported failure.