At OrcaSlicer, we are committed to maintaining the security of our ecosystem. Our policy is to ensure that we do not introduce vulnerabilities and that any security issues are addressed promptly and responsibly. We appreciate your help in improving the security of OrcaSlicer and thank you for your responsible disclosure. Reporting Security Bugs
-
Email Security Bugs: Send an email to the lead maintainer at [email protected]. Include the word "SECURITY" in the subject line of your email.
-
Response Times: The lead maintainer will acknowledge receipt of your email within one week (7 days). A detailed response will follow within 48 hours, outlining the next steps for handling your report. After the initial reply, the security team will keep you informed about the progress toward a fix and any announcements.
-
Information and Collaboration: We may request additional information or guidance as we work on addressing the issue.
-
Handling the Report: OrcaSlicer will confirm the problem and determine the affected versions. We will audit the code to find any similar issues and prepare fixes for all releases still under maintenance. Fixes will be released as quickly as possible.
-
Third-Party Modules: Report security issues in third-party modules to the respective maintainer of those modules.
When disclosing a vulnerability, please follow these steps to ensure your report is clear and actionable:
-
Provide Detailed Information: Scope: Clearly define the scope of the vulnerability. Potential Impact: Let us know who could be affected by this exploit. Reproduction Steps: Document detailed steps to reproduce the vulnerability.
Reference OWASP Guidelines: Follow the OWASP Vulnerability Disclosure Cheat Sheet for best practices in vulnerability disclosure.
To enhance security when using OrcaSlicer, we recommend following these steps:
- SEE SOMETHING: If you notice anything suspicious or have concerns, please report it.
- SAY SOMETHING: If you have any doubts or need assistance, do not hesitate to contact us.