OpenCove takes the security of our users and their code very seriously.
| Version | Supported | Notes |
|---|---|---|
0.1.x |
β Yes | Current Alpha |
< 0.1.0 |
β No | Prototype releases |
We strongly encourage you to report potential security vulnerabilities to our team.
- Open a public GitHub Issue for a security vulnerability.
- Disclose the vulnerability publicly before we have had a chance to address it.
- Send a private report via GitHub Security Advisories (if enabled) or email deadwavewave@gmail.com directly.
- Include a Proof of Concept (PoC) or detailed reproduction steps.
- Describe the impact of the vulnerability.
We commit to the following response timeline:
- Acknowledgement: Within 72 hours.
- Assessment: We will confirm the issue and determine its severity.
- Fix: We will work to patch the vulnerability as quickly as possible.
- Disclosure: We will coordinate public disclosure with you.
If a security report involves leaked keys/tokens:
- Rotate any compromised credentials immediately.
- Redact sensitive information from screenshots or logs before sharing.
Thank you for helping keep OpenCove secure. π‘οΈ