Security: loganvxr/Burst

SECURITY.md

πŸ›‘οΈ Security Policy

We take the security and privacy of our users and the Burst language environment seriously. If you discover a security vulnerability, we greatly appreciate your help in disclosing it to us in a responsible manner.

πŸ“ Reporting a Vulnerability

If you believe you have found a security vulnerability in the Burst compiler or any related project components, please follow these guidelines for reporting:

  1. Direct Contact: Please report the vulnerability immediately by emailing us directly:

    • Email: loganpaxton@loganpaxton.tech

  2. Provide Details: In your email, please include:

    • A clear description of the vulnerability.
    • The steps required to reproduce the issue (including any code examples or test files).
    • The affected component or file (e.g., compiler.py, tokenizer.py).

⏳ Our Commitment

| Stage | Target Response Time | Action |
| --- | --- | --- |
| Initial Acknowledgment | 1 Business Day | We will confirm receipt of your report. |
| Vulnerability Resolution | 7 Business Days | We aim to resolve and deploy a fix for critical vulnerabilities. |

🛑 Responsible Disclosure Policy

To ensure the safety of all users, we require responsible disclosure:

  • Do NOT publicly disclose the vulnerability (e.g., on social media, forums, or GitHub issues) until we have acknowledged, analyzed, and released a fix.
  • Do NOT exploit the vulnerability for personal gain; view, modify, or retain sensitive data; or test against production user data.
  • Do NOT include screenshots or copies of any sensitive or private data in your report. Only provide the technical details needed to reproduce the bug.

We thank you for helping keep Burst secure!
