At Plan4Better, we take security seriously. We strive to ensure that our code is secure and that our users' data is protected. If you believe you've found a security issue in our code or have concerns about the security of our products, please do not hesitate to contact us at [email protected].
Our team will provide support and investigate security vulnerabilities for the latest release on GitHub. Minor releases may be considered for investigation on a case-by-case basis.
If you have discovered a vulnerability, please report it to us as soon as possible so that we can work to address it. To report a security issue or vulnerability, please email us at [email protected] with the following information:
- A brief description of the potential vulnerability
- Steps to reproduce the vulnerability
- Any tools or resources used to discover the vulnerability
- Your name (optional) and contact information (optional)
We will acknowledge receipt of your report within 3 business days and will strive to provide periodic updates on our progress toward resolving the issue. Once we receive your report, our team will work to quickly verify and reproduce the issue. We will prioritize the issue based on its severity and impact, and will keep you informed of our progress throughout the remediation process. Once the issue has been resolved, our team will prepare a public disclosure detailing the issue, its impact, and the steps taken to resolve it. Our team will provide credit to anyone who reports valid security issues, unless they request to remain anonymous.
Disclosure Policy
We will disclose any security vulnerability to the public after a patch has been released and all potentially affected users have had a reasonable chance to upgrade their software. We will make every effort to provide a time frame for this disclosure if possible, and will coordinate with any affected parties that may be impacted by the disclosure.
Our team will assess each vulnerability based on its potential impact and likelihood of exploitation as follows:
Critical: A vulnerability that could allow anyone to gain unauthorized access to sensitive information or systems.
High: A vulnerability that could impact many users and/or cause significant damage.
Medium: A vulnerability that may require user interaction, but could still result in data loss or unauthorized access.
Low: A vulnerability that would have limited impact and/or require significant user interaction to exploit.