If you discover a security vulnerability in ddex-validate, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at: opensource@musictechlab.io
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will assess the vulnerability and provide an initial response within 5 business days
- Resolution: We aim to resolve confirmed vulnerabilities within 30 days
| Version | Supported |
|---|---|
| Latest | Yes |
- We follow coordinated disclosure practices
- We will credit reporters (unless they prefer anonymity) when publishing fixes
- We ask that you give us reasonable time to address the issue before public disclosure
Thank you for helping keep ddex-validate and its users safe.