If you discover a security issue in this project, please report it to us in a responsible and coordinated manner. We appreciate your help in disclosing the issue and will work with you to address it promptly.
Please do not create public issues or pull requests for security-related matters.
-
Email: Send an email to info@nibmcs.org with a detailed description of the issue.
-
Responsible Disclosure: We kindly request that you give us a reasonable amount of time to respond to and address the issue before disclosing it to the public or to third parties. We aim to acknowledge your report within 72 hours.
-
Cooperation: We encourage you to work with us to understand and mitigate the issue, as well as verify any fixes.
We use the following classification system for vulnerabilities:
-
Critical: Vulnerabilities that can be exploited remotely and may lead to data compromise, system compromise, or other significant security impact.
-
High: Vulnerabilities that may lead to significant security impact but are more difficult to exploit due to factors such as limited scope or potential attacker prerequisites.
-
Medium: Vulnerabilities that may have a moderate security impact but are typically harder to exploit or have some mitigating factors.
-
Low: Vulnerabilities with a limited security impact, often requiring unlikely conditions to be exploited.
This project is provided "as-is," and security updates are applied at our discretion. While we strive to maintain a secure codebase, we cannot guarantee immediate fixes for all reported issues.
We appreciate your efforts to responsibly disclose security issues and your understanding of the scope and support of this project.
Thank you for helping to keep this project safe and secure!