This site is under construction. Some features and pages may not work as expected. Follow us on Twitter for updates. Thank you for your understanding!
Security at OSable
OSable takes security extremely seriously, especially with our operating infrastructure and user services and tools. We operate a 'Tell and Patch' peer security scheme.
What can you do?
We encourage you to report any vulnerabilities you find within any one of our services, tools or project website as soon as possible. Rewards may be offered depending on severity and other various terms at OSable's discretion.
How to report a vulnerability or exploit to OSable
Main Method (Please submit a report on GitHub if applicable instead)
Utilise a secure mailbox such as ProtonMail
Send our security team an e-mail with details of this at: [email protected]
When sending us an e-mail, make sure to include:
Make sure to format the e-mail subject line like this: [VUL/EXP] [CONCISE INFO/NAME] - [YOUR NAME / ALIAS]
Make sure to explain the exploit / vulnerability in great depth in the e-mail including as much relevant information as possible.
Make sure to include any relevant text / .docx / picture files.
Your name or alias in the e-mail.
IMPORTANT!
DO NOT disclose this vulnerability publicly or anywhere else. Please note, doing so will also immediately void any potential rewards from us.
What next?
After sending us your e-mail, await a swift response from OSable which you can expect within a few days to a week in the future. If you are awaiting correspondence from us, please ensure your junk mail is checked too as sometimes mailbox filters can (falsely) flag our mail as SPAM. OSable will work hard to fix the security issue raised and will credit you publicly, either via your name supplied to us or your alias.
The OSable Project, aiming to maintain great standards of security.