Security: oku-trade/oku.trade

SECURITY.md

Oku Security

Reporting a Vulnerability

To report a security issue with Oku Trade or the Oku Trade MiniApp, please open a security advisory on GitHub with a detailed description of the issue and the steps you took to reproduce it.

Please remember to include everything required for us to reproduce the issue, including but not limited to a privately accessible repository if the exploit is complicated enough to warrant one. Oku Trade Maintainers will ask for permission to check out the repository. All code samples shared with our Security team will only be used to verify and diagnose the issue and will not be shared publicly with anyone outside of Oku's teams. Oku's Security Team members may share information only within the Oku teams, on a need-to-know basis, to fix the related issue in Oku.

Advisories without fully detailed reproduction steps will not be considered valid.

Our Security team will respond to the security advisory within 7 working days.

If you think you've found a security issue, please DO NOT report, discuss, or describe it on Discord, GitHub, or any other public forum without prior contact with, and acknowledgment from, Oku's Security team.

This is detrimental to the safety of all Oku users. No exceptions.

Embargo Policy

The information members and others receive through participation in this group must not be made public, shared, or even hinted at, except with prior explicit approval (which shall be handled on a case-by-case basis). This holds true until the agreed-upon public disclosure date/time has passed.

As a clarifying example, this policy forbids Oku Security members from sharing list information with their employers unless prior arrangements have been made directly with that employer.

In the unfortunate event that you share the information beyond what is allowed by this policy, you must urgently inform the Oku Security Team of exactly what information leaked and to whom, as well as the steps that will be taken to prevent future leaks.

Repeated offenses may lead to removal from the Security or Oku team.