
Security: Darkmintis/Koda

.github/SECURITY.md

Security Policy

Supported Versions

We take security seriously. The following versions of Koda are currently supported with security updates:

Version    Supported
1.x.x      ✅
< 1.0      ❌

Reporting a Vulnerability

If you discover a security vulnerability in Koda, please report it to us as follows:

🔒 Please DO NOT report security vulnerabilities through public GitHub issues

Instead, please report security vulnerabilities by emailing: security@koda.design

What to Include

When reporting a security vulnerability, please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity
  • Any suggested fixes or mitigations (optional)
  • Your contact information for follow-up

Our Process

  1. Acknowledgment: We'll acknowledge receipt of your report within 48 hours
  2. Investigation: We'll investigate the issue and work on a fix
  3. Updates: We'll provide regular updates on our progress (at least weekly)
  4. Disclosure: Once fixed, we'll coordinate disclosure timing with you
  5. Resolution: We'll release a security update and publish details

Security Best Practices

  • Keep your Koda installation up to date
  • Use strong, unique passwords
  • Enable two-factor authentication where available
  • Regularly review access permissions
  • Monitor for unusual activity

Responsible Disclosure

We kindly ask that you:

  • Give us reasonable time to fix the issue before public disclosure
  • Avoid accessing or modifying user data
  • Don't perform DoS attacks or degrade service performance
  • Don't spam our systems with automated vulnerability scanners

Bug Bounty Program

We currently do not have a formal bug bounty program, but we greatly appreciate security researchers who help keep our platform safe. Significant security contributions may be eligible for rewards at our discretion.

Contact

For security-related questions or concerns:

Thank you for helping keep Koda and our users safe! 🛡️

There aren't any published security advisories