We take the security and privacy of our users and the Burst language environment seriously. If you discover a security vulnerability, we greatly appreciate your help in disclosing it to us in a responsible manner.
If you believe you have found a security vulnerability in the Burst compiler or any related project components, please follow these guidelines for reporting:
- Direct Contact: Please report the vulnerability immediately by emailing us directly:
  - Email: loganpaxton@loganpaxton.tech
- Provide Details: In your email, please include:
  - A clear description of the vulnerability.
  - The steps required to reproduce the issue (including any code examples or test files).
  - The affected component or file (e.g., `compiler.py`, `tokenizer.py`).

| Stage | Target Response Time | Action |
|---|---|---|
| Initial Acknowledgment | 1 Business Day | We will confirm receipt of your report. |
| Vulnerability Resolution | 7 Business Days | We aim to resolve and deploy a fix for critical vulnerabilities. |
To ensure the safety of all users, we require responsible disclosure:
- Do NOT publicly disclose the vulnerability (e.g., on social media, forums, or GitHub issues) until we have acknowledged, analyzed, and released a fix.
- Do NOT exploit the vulnerability for personal gain; view, modify, or retain sensitive data; or test against production user data.
- Do NOT include screenshots or copies of any sensitive or private data in your report. Only provide the technical details needed to reproduce the bug.
We thank you for helping keep Burst secure!