Security Vulnerability Reporting Policy
If you think you have found a security vulnerability on limawi or on any of our services, we invite you to contact us immediately. If you wish to contact us for anything else, please use the general contact page. Thanks.
We are committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities.
We encourage the community to participate in our responsible reporting process.
If you would like to report a security vulnerability, please contact us on the DPO contact page. Here is the DPO’s PGP/GPG key. You may use it to mail him directly your report. Please provide your name, contact information(s), and company name (if applicable) with each report. If you use the DPO’s PGP/GPG key, don’t forget to include your PGP/GPG public key with such reports, if you have one.
Responsible Disclosure Guidelines
We will investigate all legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will never take legal action against you or ask law enforcement to investigate you, if you completely comply with the following Responsible Disclosure Guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC);
- Make good faith efforts to avoid privacy violations, destruction of data and interruption or degradation of our services;
- Do not modify, delete or access data that does not belong to you;
- Give us a reasonable time to correct the issue before making any information public.
We will attempt to respond to your report within 1 or 2 business days.