Our mission at Binspire is to ensure that security issues are addressed promptly and responsibly, minimizing risks for our users, contributors, and partners. We take security seriously and appreciate your help in keeping Binspire safe.

If you believe you have discovered a security vulnerability in Binspire, please follow these steps:

• Do not report security vulnerabilities through public GitHub issues. Public exposure can inadvertently provide attackers with sensitive information before the issue is resolved.

• Avoid submitting a pull request with a fix before reporting the vulnerability. This allows our security team to verify and address the issue appropriately before any public changes are made.

• Email our security team at contact.binspire@gmail.com.
• Please include detailed information such as:
  • Steps to reproduce the vulnerability.
  • Environment details (OS, browser, version, etc.).
  • Any potential impact or risk assessment.
  • Screenshots or code snippets if applicable.

• If you prefer to use GitHub to report, you may create a draft security advisory using the template "Report a security vulnerability."
• If you’ve already created a fix, fill out the draft advisory and submit it for review before publishing.

• We will acknowledge receipt of your report within 5 business days.
• We may reach out for further information, clarification, or testing if necessary.
• After verification and resolution, we will publicly disclose the vulnerability (with your consent for attribution).

• Avoid testing vulnerabilities on production systems without permission.
• Do not attempt to exploit vulnerabilities beyond what is necessary to demonstrate the issue.
• Refrain from sharing details of the vulnerability until it has been resolved.

• We credit all researchers who responsibly disclose vulnerabilities in public acknowledgements with their consent.

Thank you for helping us maintain a secure ecosystem at Binspire. Responsible disclosure protects everyone and strengthens our community.