Security Policy
Reporting Security Vulnerabilities
We take security seriously and appreciate your efforts to responsibly disclose any vulnerabilities you find.
If you discover a security vulnerability, please report it to us at:
- Email: [email protected]
- GitHub: GitHub Security Advisories
What to Include
When reporting a vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if available)
- Your contact information
Response Timeline
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: As quickly as possible, typically within 30 days
Disclosure Policy
We follow responsible disclosure practices:
- We will acknowledge receipt of your report within 48 hours
- We will keep you updated on our progress
- We will credit you in our security advisories (unless you prefer to remain anonymous)
- We will not take legal action against security researchers acting in good faith
Scope
This security policy applies to:
- fourmoons.net and all subdomains
- Any associated APIs or services
- Third-party integrations (when reported to us)
Out of Scope
The following are not considered security vulnerabilities:
- Spam or social engineering attacks
- Denial of service attacks
- Physical security issues
- Issues in third-party services not under our control
Contact
For general security questions or concerns, please contact us at: