Skip to content

Security: blacklight/surfingkeys-conf

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

To report a low-risk security vulnerability, please open an issue.

To report a medium- to high-risk vulnerability, please email me at maddy -at- na dot ai.

Low-risk is loosely defined as a vulnerability that may cause annoyance to the user.

Medium-risk is loosely defined as a vulnerability that may:

  • be used to cause a denial of service to the user, their network, or other networks
  • require an attacker to have physical access to the user's device

High-risk is loosely defined as a vulnerability that may be exploited by a remote attacker to:

  • run arbitrary code on the user's browser or device
  • exfiltrate private data from the user's browser or device
  • cause data loss or damage to the user's browser or device

These are general guidelines; please use your best intuition to decide how to responsibly disclose any security issue.

There aren’t any published security advisories