CTFer.io authors believe that security researchers should act responsibly regarding disclosure.
This high-level policy applies to every repository of the organization.
Specifically, every repository clarifies its scope in its SECURITY.md file, along with its security capabilities (SBOMs, signatures, ...).
If you believe you have found a security vulnerability in one of our projects, please reach out at ctfer-io@protonmail.com. When reporting a security vulnerability, please note that you may include the following information:
- the repository name
- a detailed description with necessary screenshots
- versions of components related to the vulnerability
- steps to reproduce the vulnerability and, if possible, advice on how to fix it
- other useful information
We'll make sure to review the vulnerability report as soon as possible. If we confirm the vulnerability, we'll publicly disclose it and credit you with the discovery as the original reporter, unless you request otherwise.