Skip to content

Security: crybapp/api

Security

SECURITY.md

Security Policies and Procedures

⚠️ Do NOT open public issues on GitHub to report security vulnerabilities. ⚠️

In Cryb we believe in transparency, but in order to ensure the safety of everyone and that we can handle issues properly, we have a list of procedures when it comes to report security vulnerabilities in the project.

We handle found security vulnerabilities in a responsible disclosure manner, based in the following procedures that will be followed:

  • Report gets sent to the team, which is handled in a confidential way.
  • Confirm the problem and determine the affected versions.
  • Determine any similar problems, and fix all the found issues.
  • Make an emergency Security issue.
  • Make an announcement encouraging people to update as soon as possible.
  • Document the found issues and steps that were provided in the report.

If you find a security vulnerability, please follow any of the specified methods:

  • Send us your report to security@cryb.app.
  • On Discord, send a private message to JeDaYoshi#7942.

Preferably, use PGP encryption with this PGP key (public key 8060B288C274219D).

Please include all steps to reproduce in your report, and any hints which can help us identify the issue if possible.


Additional changes for this Policy

These procedures and this policy are up to additional revision and suggestions. Please open an issue and/or Pull Request on @cryb/library and it will be reviewed by our team.

There aren’t any published security advisories