Who to contact for security issues

4cc3ssX / react-native-totp-utils

A full-featured Time-Based One-Time Password (TOTP) library for React Native witten in C++

MIT License

21 stars 2 forks source link

Who to contact for security issues #3

Open psmoros opened 1 year ago

psmoros commented 1 year ago

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@pandaninjas) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

4cc3ssX commented 1 year ago

Hello @psmoros, currently I'm the only one who is actively contributing and also this is just a fun crafting to learn something new. But I always welcome and care about security as the first priority so please feel free to send me the security issue from the library and also PRs are welcome too!✨ Thank you for your information and just added SECURITY.md here (#4)