Being a security tool, we take security seriously and strive to maintain a secure development process & use of clean components. This document outlines our approach to handling security-related issues.

We encourage responsible disclosure of security vulnerabilities in Whispr. If you believe you've found a security issue, please report it to us using the GitHub Issues feature or via email at [email protected].

Do not disclose security issues publicly without our permission.

When reporting a security vulnerability, please include:

1. Clear description: A detailed explanation of the issue.
2. Steps to reproduce: A step-by-step guide on how to reproduce the issue.
3. Potential impact: An estimate of the potential impact if exploited.
4. Fix suggestion: Any suggested fixes or mitigations.

When a security vulnerability is reported, our process includes:

1. Acknowledgment: We'll respond to acknowledge receipt of your report and express gratitude for bringing it to our attention.
2. Internal review: Our team will investigate the issue internally.
3. Verification: We'll verify the existence of the vulnerability through testing or other means.
4. Fix development: If the issue is confirmed, we'll develop a fix.
5. Release: Once the fix is developed and tested, it will be released in a new version of Whispr.