Skip to content

Security Policy

Reporting a Vulnerability

We take the security of our project seriously. As a non-commercial, analytical software project, we believe that public transparency is the best way to identify and address security issues.

If you discover a security vulnerability within this project, we encourage you to report it publicly. You can do this by creating a new issue on our GitHub repository.

When creating a security-related issue, please include the following information:

  • A clear and concise description of the vulnerability.
  • Steps to reproduce the vulnerability.
  • The potential impact of the vulnerability.
  • Any suggested mitigations or fixes (if you have them).

We will acknowledge the issue within 48 hours and will work to address it in a timely manner. We appreciate your efforts to help us improve the security of this project.

Our Commitment

We are committed to:

  1. Addressing security issues in a timely and transparent manner.
  2. Keeping the community informed about the status of any reported vulnerabilities.
  3. Giving credit to the reporter of the vulnerability in the release notes and commit history.

We believe that this open approach to security will help us to build a more robust and trustworthy tool for everyone.