This document explains how security issues in Digital Oversight licensed software are handled.
Reporting a Security Issue
If you think that you have found a security issue in our software, do not use the bug tracker and do not disclose it publicly. Security issues must be sent to the email address visible in our security.txt. Messages sent to this address will be forwarded to the proper team.
Security Issue Resolving Process
1. An acknowledgement of receipt will be sent to the reporter.
2. A confirmation of the vulnerability and the estimated time of disclosure is then communicated to the reporter.
3. A single-commit pull request fixing the security issue will then be merged into the affected repositories.
4. A CVE is obtained and communicated to the reporter along with an authorization to publish.
5. A vulnerability report will then be published on this website, accompanied by reporter credits.