1.3 KiB
1.3 KiB
Security Policy
Reporting a Vulnerability
If you discover a security issue in Intelligence Terminal, please report it privately instead of opening a public issue.
Use the private security contact configured for this Gitea repository or contact the repository owner directly.
Use a subject line like:
[Intelligence Terminal Security] short description
Please include:
- affected component or file
- steps to reproduce
- impact
- proof of concept if available
- any suggested remediation
Response Expectations
Best-effort targets:
- acknowledgement within 72 hours
- initial triage within 7 days
- coordinated disclosure after a fix is available
Scope
The highest-priority reports are:
- XSS or HTML/script injection in the dashboard
- unsafe rendering of mixed-source external content
- authentication or secret-handling issues
- server-side injection or path traversal
- dependency or supply-chain issues with real exploit impact
Out of Scope
The following are generally lower priority unless they create a concrete exploit path:
- minor UI bugs
- missing best-practice headers without impact
- rate limiting or reliability issues without a security consequence
Public Disclosure
Please do not disclose the issue publicly until a fix is shipped or we agree on a disclosure timeline.