
Security: HackerspaceMumbai/Visage

SECURITY.md

Security Policy

Security is of the highest importance, and all security vulnerabilities or suspected security vulnerabilities should be reported to Hackerspace Mumbai privately, to minimize attacks against current users of Visage before the vulnerabilities are fixed. Vulnerabilities will be investigated and patched in the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.

If you know of a publicly disclosed security vulnerability for Visage, please IMMEDIATELY contact [email protected]

IMPORTANT: Do not file public issues on GitHub for security vulnerabilities.

Reporting a Vulnerability

To report a vulnerability or a security-related issue, please email the private address [email protected] with the details of the vulnerability. The email will be fielded by the Hackerspace Mumbai Security Team. Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. Do not report non-security-impacting bugs through this channel. Use the repository's GitHub issues instead.

Proposed Email Content

Provide a descriptive subject line and in the body of the email include the following information:

  • Basic identity information, such as your name and your affiliation or company.
  • Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us).
  • Description of the effects of the vulnerability on Visage and the related hardware and software configurations, so that the Hackerspace Mumbai Security Team can reproduce it.
  • How the vulnerability affects Visage usage and an estimation of the attack surface, if there is one.
  • List other projects or dependencies that were used in conjunction with Visage to produce the vulnerability.

Confidentiality, integrity and availability

We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. Hackerspace Mumbai takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner.

Thank you for your time and efforts in keeping Visage secure. 🙏

There aren’t any published security advisories