Security Policy
Reporting Vulnerabilities
We encourage and welcome reports of security vulnerabilities that could impact the security or functionality of our software and services. To report a potential issue:
- Use the GitHub Security Tab: Navigate to the Security tab of the relevant GitHub repository to submit your report. (This is only for our open-source projects; use email for any closed-source issues.)
- Email Us Directly: You can email us at [email protected] to share details about the vulnerability. Please include a clear description of the issue, steps to reproduce it, and any supporting materials.
- Follow Responsible Disclosure: Do not publicly disclose the vulnerability until we have addressed it.
In Scope
We are mainly interested in reports about:
- Security vulnerabilities such as injection attacks, authentication issues, or exposed sensitive data.
- Configuration weaknesses in our hosted services or products.
- Misconfigurations that could lead to unauthorized access or privilege escalation.
Out of Scope
The following activities are strictly prohibited when identifying or reporting vulnerabilities:
- Service Disruption: Do not intentionally disrupt or degrade Layeredy services or infrastructure.
- Sharing Vulnerabilities: Do not disclose vulnerabilities to third parties or make them public before we have resolved the issue.
- Exploiting Vulnerabilities: Do not use a discovered vulnerability for any purpose other than reporting it to Layeredy securely.
- Unauthorized Access: Avoid accessing or attempting to access data, systems, or accounts that do not belong to you.
Safe Harbor
We value your contributions to improving our security. If you follow this policy in good faith, we commit to:
- Not pursuing legal action against you.
- Working with you to understand and address the reported issue.
- Recognizing your contributions in accordance with our public disclosure practices where appropriate.