The security of our systems and the protection of our users' data are of utmost importance to me, 4trodev. I appreciate the efforts of security researchers and community members in helping identify and address potential vulnerabilities. This Security Policy outlines the steps to follow when reporting security concerns related to my projects.

If you believe you have discovered a security vulnerability or have concerns regarding the security of any 4trodev project, please help address it by following these steps:

1. Submit a Report: Send an email to security@4trodev.com to report the vulnerability or concern. Please provide a detailed description of the issue, including the following information:

   • Description of the vulnerability or concern.
   • Steps to reproduce the issue (if applicable).
   • The affected project(s) and version(s) (if known).
   • Any additional information or proof of concept that can assist in understanding and reproducing the issue.
   • A sample security email can be found in Vex-Code-Snippets/SECURITY.md.

2. Responsiveness: I will acknowledge your report and assess the severity and validity of the issue. I aim to provide an initial response to your report within 48 hours, although the actual response time may vary depending on the complexity of the issue.

3. Collaboration: I appreciate your cooperation and request that you allow me a reasonable amount of time to investigate and address the reported vulnerability or concern. I commit to keeping you informed of the progress and working with you to resolve the issue.

4. Responsible Disclosure: I request that you do not publicly disclose the vulnerability or issue until I have had an opportunity to investigate and address it. I strive to resolve reported vulnerabilities promptly and will work with you to determine an appropriate disclosure timeline.

To ensure a positive and effective collaboration, I kindly ask you to adhere to the following guidelines:

• Provide Sufficient Information: Please provide detailed and accurate information about the vulnerability or concern, including steps to reproduce (if applicable) and any relevant supporting material.
• Respect Confidentiality: Ensure that any information shared during the vulnerability disclosure process remains confidential and is not disclosed to others without explicit permission.
• Do Not Exploit or Cause Harm: Do not attempt to exploit any security vulnerability beyond what is necessary to demonstrate the existence of the vulnerability. Do not perform any action that could cause harm to the systems or data of 4trodev, its users, or any other parties.

I greatly value the contributions of security researchers and community members who help maintain the security of my projects. If you are the first person to report a unique and valid security vulnerability that was previously unknown, I may acknowledge your contribution, subject to your permission and the nature of the vulnerability.

I would like to express my sincere gratitude for your assistance in making 4trodev projects more secure.

Thank you for your commitment to responsible disclosure and for partnering with me to maintain the security and integrity of my systems and user data.

Last Updated: 06/11/2024