Skip to content

Security: studiolanes/twenty

SECURITY.md

Security Policy

Reporting a Vulnerability

We strongly encourage reporting any potential vulnerabilities.

If you suspect a vulnerability, please take the following steps:

  • Contact us immediately at security at twenty.com.
  • Include a comprehensive description of the potential vulnerability and steps to reproduce the issue, if possible. The more information you can provide, the quicker we can address the problem.

Our commitment is to respond to your initial report within one business day. While we're addressing the issue, we kindly request you to maintain confidentiality about the vulnerability to ensure the security of all users. Please refrain from exploiting the vulnerability or revealing the problem to others.

While we don't currently have a formal bug bounty program due to the project's nascent stage, we can assure you that:

  • Your report will be responded to within one business day.
  • Your report and all accompanying data will be handled with utmost confidentiality.
  • We greatly appreciate your contribution and would be happy to acknowledge your role in the vulnerability fix, should you choose to be identified.
  • We will grant you permission to publicly discuss your findings after the patch has been released and a reasonable time has passed for users to implement it.
  • We (obviously) guarantee that we will not pursue any legal action as long as the vulnerability is not exploited.

Security Features

We are always looking for ways to improve our product's security. If you have any recommendations or feature request that could enhance the product's security, we invite you to share them with us via the dicsussion forum.

⚠️ Note this does not apply to security vulnerabilities. If you're in doubt, then always follow the security vulnerability process

There aren’t any published security advisories