Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in TIA's public infrastructure, we appreciate responsible disclosure.

Email: ondrej@tia-framework.com

Subject line: [SECURITY] Brief description

What to include

Description of the vulnerability
Steps to reproduce
Potential impact assessment
Your suggested fix (if any)

What to expect

Acknowledgment within 48 hours
Status update within 7 days
Credit in our security acknowledgments (if desired)

Scope

This policy covers:

The website at tia-framework.com
This GitHub repository

This policy does not cover TIA's internal operational infrastructure, which is not publicly accessible.

Safe Harbor

We will not pursue legal action against researchers who:

Make a good faith effort to avoid privacy violations and data destruction
Report vulnerabilities promptly
Do not exploit vulnerabilities beyond what is necessary to demonstrate them

There aren’t any published security advisories