Skip to content

Security: poranaparu/.github

Security

SECURITY.md

Security Policy

We take the security of Пора на пару seriously. Our products handle the personal data of students and staff, so we treat any vulnerability report with priority and care.

Reporting a vulnerability

Please do not open a public issue for security problems.

Report privately through either channel:

To help us triage quickly, please include:

  • A description of the issue and its potential impact.
  • Steps to reproduce (proof-of-concept, requests, or screenshots).
  • The affected product and platform (iOS / Android / web / admin) and version, if known.
  • Any suggested remediation, if you have one.

Our commitment

Stage Target
Acknowledge your report within 3 business days
Initial assessment & severity within 7 business days
Fix or mitigation plan depends on severity, shared with you

We'll keep you updated through the process and credit you in our disclosure (with your consent) once the issue is resolved.

Scope

In scope: the Пора на пару mobile apps (iOS, Android), the public web app, the admin service, and our public-facing infrastructure.

Responsible disclosure — please do

  • Give us a reasonable time to fix the issue before any public disclosure.
  • Make a good-faith effort to avoid privacy violations, data destruction, and service interruption.
  • Only interact with accounts you own or have explicit permission to test.

Please do not

  • Run denial-of-service (DoS/DDoS) attacks or automated scanning that degrades service.
  • Access, modify, or delete data that does not belong to you.
  • Use social engineering, phishing, or physical attacks against our team or users.

Safe harbor

We will not pursue or support legal action against researchers who discover and report vulnerabilities in good faith and in line with this policy. If in doubt about whether an action is acceptable, ask us first at security@poranaparu.com.

Thank you for helping keep Пора на пару and its users safe. 🙏

There aren't any published security advisories