Security @ Broken Hands
For any modern application, security needs to be right at the top of the priority list. Users trust us with their data and it is important that we do everything we can to protect it, as well as making sure that by using our applications, we don't expose them to any security issues.
We also make and build components, platforms and tools, that others will use and trust to work and be secure. We need to make sure that we earn that trust.
Security Disclosure Policy
If you discover any security vulnerabilities in any of our applications, platforms or open source projects, please get in touch straight away at firstname.lastname@example.org. Please provide your name and contact information with the report.
We will investigate all legitimate reports and ensure we make every effort to fix any vulnerbility quickly.
We ask that you do not disclose any vulnerabilities until 90 days after notifying us, to allow us to fix the issues. Afterwards we are happy for you to blog and talk about the vulnerabilities. We also ask that you make every effort to avoid any privacy violations and use test accounts where applicable, and do not access or alter any information that does not belong to you.
Please contact us with as much detail as possible so we can fix the issue, including any proof of concept exploits. Finally, please do not expose any user's data when publishing your vulnerability reports.
If you follow these guidelines, then we commit to not taking any legal action against you. We want to encourage responsible reporting!