Manage It Pty Ltd (ABN 98 105 164 903, Belmont WA, Australia) is committed to ethical and responsible investigation and disclosure of security vulnerabilities discovered in our public repositories and published libraries. We will investigate any legitimately reported security issues and vulnerabilities as long as they follow the policies set forth below.
- All public repositories currently hosted under the
manageitwaorganization on GitHub. We will only support the latest version of each major branch (semver) of each product that has not been explicitly declared end-of-life (EOL).
Please report any security vulnerabilities to our Business Systems Manager via email address to [email protected], stating clearly what the security vulnerability is, as well as how it is exploited. We recommend that you provide a proof-of-concept of the exploit being used, either as step-by-step instructions and/or screenshots or video.
Once we have received a security vulnerability report and have investigated and deemed it valid, we ask the opportunity to remediate the issue first and will provide you a timeframe for when we can remediate the issue.
Once done, we will publish a security advisory on our GitHub repository as well as any package management repositories that the product is hosted on. Depending on the severity of the issue, we will also publish the vulnerability on our website(s) and social media account(s).
After this has occurred, the security researcher who discovered the issue may publish the issue on their own platform if they wish. We will assign proper credit to security researchers who discover these issues.
Manage It Pty Ltd does not offer security bounties at this point in time. If this changes, we will publish this fact here.
It is Manage It Pty Ltd's policy to not respond to any extortionate or coercive communications, including submitting security vulnerabilities that will only be disclosed by offering a fee. We will summarily disregard any such communication and report the communications and the sending parties to law enforcement or other governing bodies as we see fit.