How to contact us about a security issue
If you have discovered a security issue pertaining to software that Neocrym has written or deployed, we ask that you contact us by sending an email to firstname.lastname@example.org.
If you want to contact us using end-to-end encryption, you can send an email to email@example.com.
How NOT to disclose a security issue
Please do not publicly disclose security issues pertaining to Neocrym's technology or infrastructure before you have emailed firstname.lastname@example.org or email@example.com and have received a response from us.
Legal issues involved with discovering and reporting vulnerabilities
If you offer a patch for a security vulnerability, you must agree to assign copyright to Neocrym. To merge a pull request into one of our open source repositories, you will have to agree to Neocrym's Contributor Licensing Agreement (CLA).
And when communicating with other members of a Neocrym-run community--such as a mailing list or GitHub Issues page--you are expected to follow the Neocrym Code of Conduct (CoC).
Neocrym's security program
Neocrym does not have a currently-active bug bounty for security issues. We currently do not guarantee payment for independent researchers that discover issues before contacting us first.
Some infrastructure that we rely upon actually belongs to our vendors. In such cases, you would be bound by their security policies in addition to ours. Please contact us if you have any confusion about this matter.
We do not permit you to run automated security scanners or tools that harm the quality or availability of the services that Neocrym offers. If you would like to use such tools against our infrastructure, please contact us first.
If you are interested in doing security work for Neocrym, feel free to contact us beforehand.