covert-encryption / covert

An encryption format offering better security, performance and ease of use than PGP. File a bug if you found anything where we are worse than our competition, and we will fix it.

Policy for reporting security vulnerabilities #96

Closed hddqsb closed 1 year ago

hddqsb commented 1 year ago

Hi, what's the process for reporting security vulnerabilities?

(FYI: GitHub automatically treats the file docs/Security.md as the project's security policy, but that file actually contains information about the encryption format rather than instructions for reporting security vulnerabilities.)

covert-encryption commented 1 year ago

At this point in public issues, as the software is not considered stable or recommended for end users. Good point on the file name, will change that.

hddqsb commented 1 year ago

Thanks. It might be a good idea to add a big warning regarding the development status to the README (it does say "Covert is in an early development phase, so you are encouraged to try it but avoid using it on any valuable data just yet" but that message is hidden at the very bottom).