Webtile-Maltego is a free and open-source tool which comes with absolutely no warranty; however, we still take your security seriously and wish to implement steps to protect our users. As such, the developer has adopted this security disclosure and response policy to ensure that critical issues are responsibly handled.
Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported privately, to minimize attacks against current users of webtile-maltego before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.
To report a vulnerability or a security-related issue, please email contact @ kodamachameleon.com to inform our team and await for further instructions. Do not report non-security-impacting bugs through this channel. Use GitHub issues instead. We recommend encrypting the email using PGP. Our public key is:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v2.1.15
Comment: https://keybase.io/crypto
xm8EZIHlKhMFK4EEACIDAwS+BrP4bTrBKlx9kSWPecPgWrLSeK2WXBBTRv/msNaS
ToDj/WElU1shjPbQ38R0kbpQjZyvtb5yoU8wZDOSJ3ID+/5rd5LrqgTDOUVo584/
xO8pMnBqOp7964kEnp/tHA/NJGtvZGFtYSA8Y29udGFjdEBrb2RhbWFjaGFtZWxl
b24uY29tPsKWBBMTCgAeBQJkgeUqAhsvAwsJBwMVCggCHgECF4ADFgIBAhkBAAoJ
EJ9tiu25c3xgJ5YBgNpkgFYrwnwqVsWkq3b0U4uRNUXuXjue3It5p031GqDZNxm8
PyXYaOnDeMjZAzo+tgF8Dv7x5iMn+Eh9G9vI9TgmMfcXyGnW+J6xihFqan4wFBoZ
vNSJ4DTHWOgP7HHTMkyBzlIEZIHlKhMIKoZIzj0DAQcCAwTSFEu8O4nN8aJ8M5ie
ARBVjGHGuCIUJRQoNlKXNl/3TZz/EOV0JjseHO8Li67EEPtdWf48tPa8OWZh4Gqh
SoPRwsAnBBgTCgAPBQJkgeUqBQkPCZwAAhsuAGoJEJ9tiu25c3xgXyAEGRMKAAYF
AmSB5SoACgkQpQ43xt6pEnQknwD/aWL8lXs0iAtcmVXpIXNvJf8CRvFFfxuFhMaO
Se/ffqIA/i4FOG8oHw85lsT1VpDRZXGefzjVBYi5SZ6L7SLRK84zWVQBewbBhtym
jUsjqCTUvEJeTXbJej8apHhbRR5cCSk3SkOyo4dJ4xpfM4MxBQ9Rx3elbQGA1wJs
nPUoZFhUh8NVqnbKpraCt9Z1xwB2gWa9SYXCny5ebprjrEqzV+UCds+3VNj+zlIE
ZIHlKhMIKoZIzj0DAQcCAwSNEqd19C8tTcGMNZsTKyJYJ4O41OlPF0hBRyibdWce
TS/7j5RLLu6cn8VHU0czQe9Q+T93ia6gz4fh26Oi03uewsAnBBgTCgAPBQJkgeUq
BQkDwmcAAhsuAGoJEJ9tiu25c3xgXyAEGRMKAAYFAmSB5SoACgkQp/XI2AnwhPCT
7QEA4F79ruDcE4oOIMhZRBiPwsc/ul1llEo9tLUJwRxe0wIBAM4syvCygQzv8Och
8I6lQ/TXkYZUET1hU+2uu/abId8oOGMBgNVr1h36WYlKIrLIGHfN6NGElL027LoJ
Iy7hL/OfxzJ75LOfinXIGvkeyuEijweDvgF+IX2bdro6lN2yf83NLpIhllaFFccE
wpeSRGjD85SwFz0OZlAbWenfTS/GS+OUUL9d
=uyC1
-----END PGP PUBLIC KEY BLOCK-----
IMPORTANT: Do not file public issues on GitHub for security vulnerabilities
Keep in mind that we are a small and unsponsored team (aka this isn't our day job), so please be patient with us as we try to respond to each concern.
This security policy is based on Harbor's security policy.