Security: carlooosdev/easypgp

SECURITY.md

Security Policy

Supported Versions

The EasyPGP project is an open-source project that aims to provide a convenient way to generate PGP key pairs, encrypt messages, and decrypt messages. As an open-source project, the support and maintenance of the project are driven by the community. Therefore, only the latest version of the project will receive regular updates and security patches.

Reporting a Vulnerability

If you discover any security vulnerabilities or issues within the EasyPGP project, please report them to our security team by emailing [email protected]. We kindly request that you do not publicly disclose the issue until we have had a chance to investigate and respond to your report. We take security very seriously and aim to address any issues promptly.

When reporting a security vulnerability, please include the following details:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce the vulnerability.
  • Any additional information or tools required to reproduce the vulnerability.
  • Your contact information (name, email address) for communication.

Responsible Disclosure

We appreciate your responsible disclosure of any security vulnerabilities. We will acknowledge receipt of your report within 48 hours and will provide periodic updates on the progress of the investigation. Once the issue has been resolved, we will publicly acknowledge your contribution, if desired, and may be able to offer a monetary reward based on the severity and impact of the vulnerability.

Scope

This security policy applies specifically to the EasyPGP project and its associated code repositories. Issues discovered in any third-party dependencies should be reported directly to the respective maintainers of those projects.

Security Best Practices

We encourage users of the EasyPGP project to follow security best practices, such as:

  • Keeping the application and its dependencies up to date with the latest releases that include security fixes.
  • Using strong and unique passphrases when generating PGP key pairs.
  • Protecting your private key and passphrase from unauthorized access.
  • Being cautious when sharing your public key and only sharing it with trusted individuals.

By following these best practices, you can help ensure the security of your encrypted messages and PGP key pairs.

Disclaimer

The EasyPGP project, including its maintainers and contributors, cannot be held responsible for any damages or losses arising from the use or misuse of the application or its associated code. Users are responsible for understanding and complying with the terms of use and applicable laws while using the EasyPGP application.

There aren’t any published security advisories