Reporting vulnerabilities

At Nirvati.org, we take security seriously. We believe in the power of community and appreciate the invaluable contributions from the security community in fortifying our Free and Open Source Software (FOSS) operating system. We’re not just about securing Nirvati; we’re also committed to enhancing the broader app ecosystem and tools we use.

In the past, we have found and reported vulnerabilities in various projects such as Alby (see these issues), LNbits, and GitHub.

If you have found a vulnerability in Nirvati, in any software we developed, or in an existing open-source app on Nirvati where you’re not sure who to contact,

How to Report a Vulnerability

If you believe you’ve found a security vulnerability in the Nirvati ecosystem, we encourage you to report it to us. To report a vulnerability, please follow these steps:

Step 1: Contact Us

Send an email to security@nirvati.org to report the vulnerability. Your email should include:

  • A clear and concise description of the vulnerability.
  • Information on the affected component or feature.
  • Steps to reproduce the vulnerability, if possible.
  • Any potential impact or exploitation scenarios.
  • Your contact information for further communication.

Step 2: Secure Communication

If the vulnerability you’re reporting is sensitive, and you believe it requires a secure channel of communication, please request encryption. You can use PGP/GPG to encrypt your communication. We’ll provide our public key for this purpose upon request.

Step 3: Response

We take every report seriously and will make our best effort to acknowledge your report within 72 hours. We will review your report and assess the severity and impact of the vulnerability.

Step 4: Resolution

Once the vulnerability is confirmed, we will prioritize and work on a resolution. We appreciate your patience as we address the issue, and we will keep you informed of our progress.

Step 5: Public Disclosure

We believe in responsible disclosure. As an open-source project, all of our code changes are inherently public. However, we ask you to refrain from posting proofs of concept or descriptions of vulnerabilities until we can confidently say that most users have received the update.

Our Commitment

  • We will handle your report with the utmost confidentiality.
  • We will not take legal action against security researchers acting in good faith.
  • We will acknowledge your contribution to improving the Nirvati ecosystem security.
  • We will make every effort to resolve the issue promptly and keep you informed.

Bug Bounty

As an open-source project that relies on donations, we cannot offer a bug bounty program where you receive payment for reported vulnerabilities. We may still decide to offer you a reward if we’re able to do so, depending on the severity of the vulnerability and the quality of your report.

Hall of Fame

We appreciate the effort of security researchers who help make the Nirvati ecosystem more secure. To honor these contributions, we maintain a “Hall of Fame” to publicly recognize those who report significant vulnerabilities.

Contact Information

If you have any questions or need further assistance, please feel free to reach out to us at security@nirvati.org.

Thank you for being the gentle wind in our journey, guiding the Nirvati family to greater safety and security. Together, we rise higher. 🌬️🎈🌟
