At NukeBox, we take security vulnerabilities seriously and appreciate the efforts of security researchers and users in reporting potential issues. If you discover a security vulnerability in NukeBox, we kindly request that you follow responsible disclosure practices by adhering to the following guidelines:
- Please DO NOT disclose the vulnerability publicly, including in GitHub issues or other public forums.
- Instead, we encourage you to report the vulnerability to our dedicated security contact: Ahnaf Tahmid Chowdhury.
- Provide detailed information about the vulnerability, including steps to reproduce, potential impact, and any relevant mitigations you may have identified.
We are committed to addressing security vulnerabilities in a timely manner and ensuring the safety and privacy of our users. To facilitate responsible disclosure, we kindly request that you adhere to the following principles:
- Give us reasonable time to investigate and address the reported vulnerability before disclosing it to the public or third parties.
- Avoid accessing, modifying, or sharing any private data without explicit permission.
Upon receiving a security vulnerability report, our security team will promptly review and assess the issue. We will work diligently to develop and test appropriate fixes. As soon as a security update is available, we will include relevant details in the release notes of the affected software versions.
We greatly value the contributions of security researchers and users in ensuring the security of NukeBox. Thank you for your dedication to the safety and integrity of our software.