Skip to content

Security: off-on-dev/open-source-challenges

SECURITY.md

Security Policy

Supported versions

OffOn.dev projects are developed on a rolling basis. Only the latest commit on the main branch of each repository is supported and patched.

Reporting a vulnerability

Please do not open a public issue for security problems.

Report privately by either:

  • GitHub private vulnerability reporting — "Report a vulnerability" under the Security tab of the affected repository, or
  • Email offondev@gmail.com with details and, if possible, reproduction steps.

We aim to acknowledge reports within 5 business days and to share a remediation timeline after triage. Please allow a reasonable window before any public disclosure.

There is no paid bug-bounty program, but we credit reporters in the release notes unless you prefer to remain anonymous.

There aren't any published security advisories