SECURITY.md
# Security Policy

We take security seriously. We appreciate your efforts to responsibly disclose vulnerabilities and will make every effort to acknowledge your contributions.

## Reporting a Vulnerability

### Preferred Method: GitHub Security Advisories

The preferred method for reporting security vulnerabilities is through GitHub's Security Advisory feature:

1. Navigate to [Report a Vulnerability](https://github.com/hyperpolymath/affinescript-playground/security/advisories/new)
2. Click **"Report a vulnerability"**
3. Complete the form with as much detail as possible
4. Submit - we'll receive a private notification

### Alternative: Email

If you cannot use GitHub Security Advisories, you may email us directly:

| | |
|---|---|
| **Email** | hyperpolymath@proton.me |

> **Important:** Do not report security vulnerabilities through public GitHub issues, pull requests, discussions, or social media.

## Scope

### In Scope

- This repository and all its code
- Official releases and packages
- Dependencies (report here, we'll coordinate with upstream)

### Qualifying Vulnerabilities

We're particularly interested in:

- Memory safety issues (critical for affine types)
- WebAssembly security concerns
- Resource leak vulnerabilities (affine type bypass)
- Command injection, code injection
- Path traversal / local file inclusion
- Information disclosure

## Response Timeline

| Stage | Timeframe |
|-------|-----------|
| **Initial Response** | 48 hours |
| **Triage** | 7 days |
| **Resolution** | 90 days |

## Safe Harbour

If you conduct security research in accordance with this policy:

- We will not initiate legal action against you
- We will not report your activity to law enforcement
- We will work with you in good faith to resolve issues

---

*Thank you for helping keep AffineScript Playground and its users safe.*

<sub>Last updated: 2025</sub>