Security: DevoteamNL/opendora

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

At OpenDORA, we take security seriously. If you believe you have found a security vulnerability, please follow the responsible disclosure process and report it to us immediately. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.

Responsible Disclosure Process

  1. Do not disclose the issue publicly. Please do not post the issue on GitHub, forums, or any other public platform until we have had a chance to address it.

  2. Submit a report. Send a detailed email to opendora@devoteam.com with the following information:

    • Your name and affiliation (if any).
    • A detailed description of the vulnerability, including steps to reproduce it.
    • Any necessary PoC (Proof of Concept) files or code snippets, as attachments.
    • Your contact information for further communication.

  3. Wait for acknowledgment. We will acknowledge your email within 5 business days to confirm that we have received your report.

  4. Investigation and Resolution. Our security team will investigate the issue and determine its impact and severity. We will keep you informed of our progress and expected timeline for resolution.

  5. Release and Public Disclosure. Once the issue is resolved, we will coordinate with you to determine an appropriate timeline for public disclosure. We will credit you for your responsible disclosure unless you prefer to remain anonymous.

Scope

This security policy applies to the OpenDORA GitHub repository and any related projects maintained by the OpenDORA Team. It covers all aspects related to security, including but not limited to source code, documentation, communication channels, and infrastructure.

Supported Versions

The security policy applies to the latest release of OpenDORA and the previous version. We encourage users to update to the latest version to benefit from the latest security enhancements.

Legal Safe Harbor

We will not take legal action against you or pursue any legal action related to your security research if you adhere to this responsible disclosure policy.

Thank you for helping keep OpenDORA and its users safe and secure. We appreciate your contributions to the security of our project.

OpenDORA Team

There aren’t any published security advisories