Security: altcha-org/altcha

SECURITY.md

Security Policy

Supported Versions

Security updates are available for all versions.

Reporting a Vulnerability

If you discover a vulnerability, please report it responsibly to our security email: c2VjdXJpdHlAYWx0Y2hhLm9yZwo=.

When reporting a vulnerability, please include the following details to help us quickly assess the issue:

  • Detailed steps to reproduce or a proof-of-concept
  • Any relevant tools and their versions used
  • Tool output and any logs or screenshots that may help

PGP Public Key: To ensure secure communication, please use our PGP public key when sending sensitive information:

Vulnerability Disclosure Process

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours.
  • Assessment: We will assess the vulnerability and determine the impact and priority.
  • Resolution: If the vulnerability is confirmed, we will work on a fix and inform you when it’s resolved.
  • Disclosure: We follow responsible disclosure. Once a fix is available, we will coordinate with you to disclose the vulnerability to the public.

Scope

In-Scope for Reporting:

  • ALTCHA Widget and any associated open-source code.
  • ALTCHA SaaS platform and related services.

Out-of-Scope:

  • Any third-party services or software not managed by ALTCHA.
  • Automated tool or scan reports.
  • Distributed Denial of Service (DDoS) attacks that require large volumes of data.
  • Provisioning or usability issues.
  • Flooding of feedback, comments, messages, etc.
  • Issues related to networking protocols or industry standards.

There aren’t any published security advisories