Skip to content

Security: chirag127/TimeGuard-Office-Time-Tracker-PWA

.github/SECURITY.md

Security Policy

At OfficeTimeTracker-Progressive-Web-App-Specification, we are committed to ensuring the security and integrity of our project. We deeply appreciate the efforts of security researchers and the open-source community in helping us maintain a secure environment.

Reporting a Vulnerability

We encourage responsible disclosure of security vulnerabilities. If you discover any security-related issues within this project, please report them to us immediately. Please DO NOT open a public GitHub issue for security vulnerabilities.

To report a vulnerability, please follow these steps:

  1. Email Us: Send a detailed report to security@chirag127.dev (or a similar dedicated security email address). If a specific security email isn't available, use chirag127.dev@gmail.com.
  2. Provide Details: In your email, include the following information:
    • A clear and concise description of the vulnerability.
    • Steps to reproduce the vulnerability.
    • Any potential impact or exploit scenarios.
    • Suggested mitigation or fixes (if any).
    • Your contact information for follow-up.
  3. Encryption (Optional but Recommended): If you wish to encrypt your report, please request a PGP key in your initial email. We will provide it for secure communication.

We aim to acknowledge receipt of your report within 48 hours and provide an estimated timeline for resolution. We commit to keeping you informed about the progress of the reported vulnerability.

Responsible Disclosure Policy

We kindly request that you adhere to the following principles of responsible disclosure:

  • Private Communication: Report vulnerabilities directly to us via the designated email address before making them public.
  • Good Faith: Act in good faith to avoid privacy violations, destruction of data, or interruption of our services.
  • Timeliness: Allow us a reasonable amount of time (typically 30-90 days, depending on severity and complexity) to address the vulnerability before public disclosure.

Our Commitment

  • We will promptly investigate all legitimate reports.
  • We will keep you informed of our progress throughout the vulnerability resolution process.
  • We will credit you publicly for your responsible disclosure (with your permission) once the vulnerability has been patched and released.
  • We will prioritize the security of our users and the integrity of the OfficeTimeTracker-Progressive-Web-App-Specification project.

Thank you for helping us build a more secure project.


For general issues, questions, or non-security-related concerns, please refer to our main repository: https://github.com/chirag127/OfficeTimeTracker-Progressive-Web-App-Specification

There aren't any published security advisories