If you believe you've found a security issue in software that is maintained in this repository, please you to notify me using the guidance in the 'How to Submit a Report' section of this file.
| Version | In scope | Source code |
|---|---|---|
| latest | ✅ | https://github.com/Manny-coffee-dev/Rusty-Firmware/tree/main |
To submit a vulnerability report, please contact the email below. Your submission will be reviewed and a response sent as soon as possible.
- Please provide detailed reports with reproducible steps and a clearly defined impact.
- Include the version number of the vulnerable package in your report.
- If you have any suggestions or guidance on how to mitigate the vulnerability, please include them.
Please use this public key for encrypting vulnerability reports when sending to manny.coffee-dev@pm.me where possible (guidance on how to do this can be found here:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF/OX3cBCACs2QEJBGb/0hO7wMCzhvn8Zw2UJrg1CgW+zCJbyNYS4sxBJGFE
SmNWDaHi22E/gCg78zyD668erltjEwd8ZQlosVGKLPvEUXVgzHQMww3KqkD2Q78E
FhttXKxl6F4SLY1nGfSYwyNX7vb3BoHOHSd+VYJafRSrw3b+JJN+8jbKrB0DvS6K
JW6JWT58ogEEOE6fEVYqvY6ghRUAseFJQF5u0nXBwvHWxX+8hEYw79VJBY19gchg
jKgiFMqDYJ1BIYNfCW20I75PdWRUHTBUXXiQfYh2tCdNx4Y/0X46PRcmO2Mr+Z3f
eSqbW8IFL/o5LSNlQeJyicOSoNJecPP/ecYVABEBAAG0L21hbm55LmNvZmZlZS1k
ZXZAcG0ubWUgPG1hbm55LmNvZmZlZS1kZXZAcG0ubWU+iQFNBBABCAAgBQJfzl93
BgsJBwgDAgQVCAoCBBYCAQACGQECGwMCHgEAIQkQZNvyoKOzzjQWIQQzaFBEbK5r
A5IVNBFk2/Kgo7PONIvICACav51A5o2NJeLzew43Srn4CWYMCxubC5hmFK0Tj6ax
tGEdJWBQhLTmf2vzszhELgiLGeIUxeq36+Vm33R2XJtVLQpbHRq5sESI5m6kK0Os
tHc/hAllMAbQWEVh/snUxCOSUG8kPVCdcOOE7+laz/QCXZhprNREhGOC1wsdhN9W
g7mmxPsorUCKzBBc2bQRkBWEu9Qn0rUc+FDLO6SSjOkf7IX54QTsm0u7QZGO8hQe
FzQu4Zq+xplEyRVJmVWSYgcCAiTVtDw6XN7In+fDMzYc6qLnorioVvHpc60nUYCm
qphlCCMVHJGNu2AaseWJtE3PBLY7O1VgDQ6D2qEqT2zPuQENBF/OX3cBCACs4Ar2
gRF2zN0ToN/53YOmfcmJ474/J4nKRRJAXnkuNB2kb8o6XOOpqvdI9ulhtKouo2Lc
XyC5HV774b9AQtbdupqxYgmBgrSuNMqFxnIUecHrBi4DQ9GQ5VkL1d7zxC83OVZY
E2902lKBcpKnwHHpDZMrWrLK17xZV9Ugqpv0tFc2zbNXTVsD0JpUrUBOuz2Frejc
xtDsU7fTXOqzkb8mG2V53KipWCK59hYPn2kV9xEOmE9lcctWvo0mQU1v1A0mp97R
dmRkLv+FksdHCmT3akLWN/0+hM0WSyryQRbvrKF2asjVr0wAcV9erW2VPl40W10Z
oVciTSqhU1CK/qH1ABEBAAGJATYEGAEIAAkFAl/OX3cCGwwAIQkQZNvyoKOzzjQW
IQQzaFBEbK5rA5IVNBFk2/Kgo7POND8LCACdXT8ymT3SNZ/fGNNwLX19SJ6Hgem5
+Vlzij3UtGrGTmBsVi3X8BdB+memAM6w0UHmJ9Urwiru+op0TlFfN0MfN5uJ5CHS
BsDCYVx8314xoFSF814Esfnnltko2rlYUube0XvctAgsbsoWG9melmbeF2yqC2rU
9pSnsTK8Lhf9R3MyaLB+MCychw5Nw5jKNBgu2llN6E34cF2C3aLnW5aliJOVATsN
e95GLFpnXlUg/KF8eStW6c/oSMabuhz0Ce0FgOhZoRXGoWmpobbmnH9eWvrptUCk
Ge0Ob9r3DH+zZv/6uA+4k1GvgjENmteu46W5hxNahO5XqGvR61StXbfe
=H8rU
-----END PGP PUBLIC KEY BLOCK-----
I support safe harbor for security researchers who:
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of services.
- Only interact with accounts they own or with explicit permission of the account holder. If you do encounter Personally Identifiable Information (PII) contact me immediately, do not proceed with access, and immediately purge any local information.
- Provide me with a reasonable amount of time to resolve vulnerabilities prior to any disclosure to the public or a third-party.
- Do not use social engineering (e.g. phishing, vishing, smishing).
You are expected to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, I will take steps to make it known that your actions were conducted in compliance with this policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report using the information above before going any further.
Please submit a report to me before engaging in conduct that may be inconsistent with or unaddressed by this policy.