At rtCamp, we take the security of our software products and services seriously. This document outlines how you can report vulnerabilities and how we handle them to ensure our users’ safety.
If you discover any security vulnerability in SnapWP, please follow these steps:
- Private Disclosure: Do not publicly disclose vulnerabilities. Instead, report the issue by emailing us at [email protected].
- Details to Include: To help us assess and address the issue quickly, please include as much of the following information as possible:
  - Type of vulnerability (e.g., SQL injection, cross-site scripting, buffer overflow)
  - Affected source files (include full paths or URLs if possible)
  - The version or commit where the issue was found
  - Steps to reproduce the vulnerability, including any special configurations
  - Proof-of-concept code (if available)
  - Description of the impact and how an attacker could exploit the vulnerability
- Response Time:
  - We will acknowledge your report within 3 working days.
  - A detailed assessment will follow within 5 business days.
  - If the issue is confirmed, we will work on a fix and notify you once resolved.
- Resolution and Disclosure: We will work to either resolve the vulnerability or provide mitigation steps. Once a fix is published or the issue is otherwise addressed, we will inform you. You may then publicly disclose the vulnerability after receiving our confirmation.
  Please do not disclose the vulnerability publicly until the fix is released or we have given you the go-ahead.
- Credit: If you are the first to report the issue and you request recognition, we will credit you in the security advisory.
We prefer all communications to be in English.
We follow the principles of Coordinated Vulnerability Disclosure (CVD). This means we work closely with security researchers and provide time to patch vulnerabilities before they are publicly disclosed.
Thank you for helping us keep SnapWP secure!