Security is of utmost importance in an authentication library like Google Sign-In for Rails. We at Basecamp use this plugin in our own apps, so we have a vested interest in investigating and mitigating all reported vulnerabilities. We welcome responsible security reviews and reports from our peers in the open-source software community and strive to acknowledge such valuable contributions.
Send urgent or sensitive reports to security@basecamp.com. If necessary, use our public key to protect your message and provide us with a secure way to respond. We’ll get back to you as soon as we can—usually within one business day. Please follow up or ping us on Twitter if you don’t hear back. For non-urgent or non-sensitive requests, please contact our support team.
Read more about our security response policy on our website.