Report a vulnerability to avm99963
If you have found a vulnerability in software that I've developed or in one of my websites, please contact me as soon as possible using the resources you'll find at https://www.avm99963.com/.well-known/security.txt. In particular, please encrypt your message using my public PGP key (I use gnupg), or contact me so we can find a secure way of transmitting the vulnerability details.
I ask you to please keep the vulnerability information private between us until the vulnerability has been fixed. As I want to hold myself to the same standards I hold others when I report vulnerabilities to them, I accept that the vulnerability details may be published 90 days after I receive your report, even if I don't fix the vulnerability.
I believe vulnerability details should always become public because everyone has the right to know about them and protect against them, although if there isn't evidence that a vulnerability is being actively exploited, in my opinion it's better to keep them private until either the vulnerability is fixed and the fix widely distributed, or the deadline has elapsed.
Thanks!
- Last Author
- avm99963
- Last Edited
- Jan 26 2021, 2:26 PM