Disboard Software applies a security-first mindset across product development, infrastructure operations, and release management. Security controls are integrated into engineering workflows and treated as baseline requirements.
If you identify a potential security vulnerability, please report it privately and do not disclose it publicly until the issue is assessed and remediated.
Please include:
- A clear description of the issue.
- Affected component or file references.
- Reproduction steps or proof-of-concept details, if available.
- Potential impact assessment.
Security reports should be sent to:
security@disboardsoftware.com
If this address is not yet active, use the primary repository contact channel and mark the message as Security Disclosure.
Disboard Software aims to:
- Acknowledge receipt of valid reports in a reasonable timeframe.
- Triage and assess severity based on risk.
- Implement remediation according to operational priority.
- Communicate closure once the issue has been addressed.
This public policy intentionally excludes confidential details about internal security architecture, controls, and incident response procedures.