Security Policy

Supported Versions

We only support the newest version of simplePass. You can find the latest version on the projects GitHub in the package.json files version attribute.

Reporting a Vulnerability

If you believe you have found a vulnerability in this program please contact one of the following maintainers at their mailing address provided:

staticBanter[Owner] - staticbanter@staticblogs.ca

Your message should follow this format:

The message title needs to include the phrase "simplePass Security Report"
The message body should follow the same format as a Bug Report but change the title too Security Report. To find the Bug Report template please visit the simplePass GitHub Bug Report Issue Template

You may submit a report as may times as you like but we ask that you please wait at least 7-days between emails of the same report.

We ask the following of you during this time:

That you remain active in the community as you may be called upon for further elaboration and collaboration.
That you refrain from disclosing the vulnerability to any other entity.

If you do not hear from any of the maintainers for over 30-Days AND after a minimum of 1 repeated email reports from your initial email (totalling 2 reports), we ask that you post an issue on GitHub following the same format as above. You will also be free to disclose the vulnerability to other entities as well. This is a last resort effort to at least alert the community to issues.

If we respond to your report we will be as honest and open as we can about how we are going to approach the situation and how long it may take us to solve it. We ask that you respect our honesty and do not share any information that we will disclose with you until we approve.

_{Thank you for taking the time to read this document. If you have any questions comments or concerns regarding this document report open an issue on the simplePass GitHub Issue Tracker}