Skip to content

Security Policy

Reporting a Vulnerability

If you discover a security issue, please report it responsibly.

Do NOT create a public GitHub issue for security vulnerabilities. Instead:

  1. Email: Contact magnus@botwork.se directly
  2. GitHub Security Advisories: Use Private vulnerability reporting

We aim to respond within 48 hours and provide a timeline for the fix.

Scope

  • Prove compiler vulnerabilities
  • Runtime security issues
  • Standard library security flaws

Out of Scope

  • Social engineering
  • Physical security
  • Denial of service (unless trivially exploitable)

Security.txt

For automated security contact discovery, see .well-known/security.txt.