This project is part of the VPDLNY (Vulnerable Persons Defense League of NY) open-tools collective. Many of these tools handle OSINT data, live geopolitical feeds, or interface with social platforms — so security reports are taken seriously and acknowledged quickly.
Preferred channel: Direct message on Bluesky to @indicaindependent.bsky.social.
Please include:
- A description of the vulnerability
- Steps to reproduce (or a proof-of-concept if safe to share)
- The repo + commit/version affected
- Your preferred disclosure timeline
- Acknowledgment: within 7 days of report
- Initial assessment: within 14 days
- Fix or mitigation: target 30 days for critical, 90 days for lower-severity
- Public disclosure: coordinated with reporter; credit given unless you prefer anonymity
- Vulnerabilities in third-party dependencies — please report upstream first
- Social-engineering or physical-access attacks against the maintainer
- Issues in archived repositories (see repo status)
This policy covers all repositories under github.com/indicaindependent, including all production Cloudflare Workers, Bluesky bots, and public-facing tools.
VPDLNY — Information is the weapon. Used responsibly.