Skip to content

Security: Open-Earth-Foundation/openfinance

Security

SECURITY.md

Security

In accordance with the disclose.io core terms, openx defines the following:

Scope

Any vulnerability in the openx repository that either results in an unintended loss of funds or results in grievance for other users of the openx platform are covered under the responsible disclosure program.

Rewards

Since openx is in its research stage right now, we are unable to provide any rewards.

Official Communication Channels

  1. Personal Message to "Varunram" on freenode IRC
  2. Preferably Encrypted Email to [email protected]. Our PGP Key fingerprint is C98F 0014 9A99 36E4 E56D 2471 708C 6065 04A4 9970

If you do not receive a reply within one day, please do send a reminder so we can act at the earliest.

Disclosure Policy

We believe in a coordinated disclosure program where vulnerability details may be shared with the public after the vulnerability has been fixed and the program owner has provided permission to disclose or after 90 days from submission, whichever is sooner.

We thank anyone who plans to report a vulnerability in advance and hope to work with you on a fix as soon as possible.

There aren’t any published security advisories