Security is important. This document outlines our security policy for the TIR-Project Go API and provides guidance on how to responsibly report security vulnerabilities.
If you discover a security vulnerability in our code, we appreciate your help in disclosing it to us in a responsible manner, and we kindly request that you refrain from disclosing it publicly.
Please email us at ntfargo@proton.me with initial details of the vulnerability. Make sure to provide as much information as possible to help us understand the scope and impact.
Once received, our security team will review the information and may contact you for further details, if necessary.
After assessing the vulnerability, we will take appropriate action to resolve it. We will then coordinate with you to disclose the issue responsibly to the public, if appropriate.
Contributors who help identify and resolve vulnerabilities will be acknowledged in the project’s documentation or website, unless they wish to remain anonymous.
When reporting a vulnerability, please include:
- A detailed explanation of the vulnerability
- Steps to reproduce the issue (if possible)
- Any potential impact of the vulnerability
- Suggestions for how to fix or mitigate the issue, if any

Response Time
We aim to acknowledge reports within 48 hours and to provide an assessment of the issue within a week. Please understand that resolving the issue may take more time depending on its complexity.
We encourage responsible disclosure and will not take legal action against those who report security vulnerabilities in compliance with this policy.