| Version | Supported |
|---|---|
| 1.x | ✅ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
- Do not open a public GitHub issue for security vulnerabilities
- Email your findings to security@mythetech.com
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: We will acknowledge receipt within 48 hours
- Updates: We will provide updates on the status of your report within 7 days
- Resolution: We aim to resolve critical vulnerabilities within 30 days

We consider security research conducted in accordance with this policy to be:
- Authorized concerning any applicable anti-hacking laws
- Exempt from restrictions in our Terms of Service that would interfere with conducting security research

We will not pursue legal action against researchers who:
- Make a good faith effort to avoid privacy violations and disruption to others
- Only interact with accounts they own or with explicit permission
- Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue

When contributing to Iris, please ensure:
- No hardcoded secrets: Never commit API keys, passwords, or connection strings
- Dependency management: Keep dependencies up to date and review security advisories
- Input validation: Validate and sanitize all user inputs
- Secure defaults: Use secure configuration defaults

Thank you for helping keep Iris and its users safe!