Skip to content

Security: tilesprivacy/tiles

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability in Tiles, please report it to us responsibly.

How to Report

We encourage you to use GitHub's Security Advisory feature to report vulnerabilities privately:

  1. Go to the Security tab in this repository
  2. Click on "Report a vulnerability" or "Advisories"
  3. Click "New draft security advisory"
  4. Fill out the security advisory form with:
    • A clear description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact and severity assessment
    • Any suggested fixes or mitigations

Alternatively, you can report vulnerabilities by emailing security@tiles.run with:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information

What to Include

When reporting a vulnerability, please provide:

  • Description: A clear description of the security issue
  • Steps to Reproduce: Detailed steps to reproduce the vulnerability
  • Impact: The potential impact if this vulnerability is exploited
  • Severity: Your assessment of the severity (Critical, High, Medium, Low)
  • Affected Versions: Which versions of Tiles are affected
  • Suggested Fix: If you have ideas for how to fix the issue (optional but appreciated)

Response Timeline

We aim to:

  • Acknowledge your report within 48 hours
  • Triage the vulnerability within 7 days
  • Provide updates on our progress regularly
  • Resolve critical vulnerabilities as quickly as possible

Disclosure Policy

  • We will work with you to coordinate public disclosure after the vulnerability has been addressed
  • We will credit you in our security advisories (unless you prefer to remain anonymous)
  • We will not disclose your report publicly until a fix is available

Security Best Practices

When testing for vulnerabilities:

  • Do not access or modify user data without permission
  • Do not perform any actions that could harm users or their systems
  • Do not violate any laws or breach any agreements
  • Do act in good faith and follow responsible disclosure practices

Security Updates

Security updates will be released as soon as possible after a vulnerability is confirmed and fixed. We recommend:

  • Keeping Tiles updated to the latest version
  • Subscribing to the Tiles blog for important security updates

Questions?

If you have questions about this security policy, please contact us at security@tiles.run.

Thank you for helping keep Tiles secure!

There aren’t any published security advisories