Skip to content

Security: dicethedev/MerkleForge

Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of MerkleForge seriously. If you discover a vulnerability, please report it responsibly so we can investigate and address it promptly.

How to Report

  1. Navigate to the Security tab of this repository.
  2. Click Report a vulnerability to open the GitHub Security Advisories form.
  3. Include as much detail as possible:
    • A clear description of the issue.
    • Steps to reproduce the vulnerability.
    • The affected versions or components.
    • The potential impact and severity.

Alternatively, email the same details to dicethedev@gmail.com.

Reporting Guidelines

  • Do not publicly disclose the vulnerability until it has been confirmed and fixed.
  • Include proof-of-concept code when possible to help us verify the issue.
  • State whether you believe the vulnerability is being actively exploited.
  • Do not access, modify, or destroy data that does not belong to you.

Our Response Process

  • We will acknowledge and investigate vulnerability reports diligently.
  • We may contact you for additional information while reproducing the issue.
  • After a fix is available, we will coordinate disclosure and publish relevant details when appropriate.

Reward Program

MerkleForge does not currently offer a formal bug bounty program. We value responsible security research and, with your consent, may recognize your contribution in the changelog or release notes.

Research Software Notice

MerkleForge is academic research software and has not been independently security-audited. It is not currently intended for production systems, financial applications, or other security-critical environments.

Thank you for helping improve the security of MerkleForge.

There aren't any published security advisories