Trust
Security
How to report a vulnerability — and our commitment to handling it responsibly.
KerPlace exists to protect other people’s data at rest, so security reports are taken seriously and handled honestly.
Reporting a vulnerability
Please report privately first — do not open a public issue for a vulnerability, as that discloses the flaw to everyone before a fix exists.
- Email: security@kerplace.com
- Subject: start it with "KerPlace security:" so it is triaged quickly.
Encrypt sensitive details if you can. If no PGP key is published yet, email first and a secure channel will be arranged before you send any working exploit.
What makes a good report
So the issue can be reproduced quickly:
- the affected version,
- clear steps to reproduce,
- the impact, and
- any proof-of-concept.
Our commitment
- Reports are acknowledged promptly and you are kept informed.
- Disclosure is coordinated: a fix first, then public credit if you would like it.
- Researchers acting in good faith are engaged in good faith.
The full disclosure policy lives in the repository → SECURITY.md.