We take the security of SyncRobotic systems seriously. Thank you for helping keep our platform and users safe.
Please do not open a public issue for security problems. Public disclosure before a fix puts users at risk.
Report privately through either channel:
- GitHub private advisory (preferred) β on the affected repository, go to Security β Advisories β Report a vulnerability. This opens a private thread with the maintainers.
- Email β security@syncrobotic.com with the details below.
Please include:
- A description of the vulnerability and its impact.
- Steps to reproduce (proof-of-concept if possible).
- Affected repository, version/commit, and environment.
- Any suggested remediation.
| Stage | Target |
|---|---|
| Acknowledgement of your report | within 3 business days |
| Initial assessment & severity triage | within 7 business days |
| Fix or mitigation plan | communicated after triage, based on severity |
We'll keep you updated through the process and credit you (if you wish) once the issue is resolved.
- Give us reasonable time to investigate and remediate before any public disclosure.
- Do not access, modify, or delete data that isn't yours, and avoid privacy violations, service degradation, or data destruction while testing.
- Act in good faith β we won't pursue action against researchers who follow this policy.
This policy covers repositories under the Syncrobotic
organization. For anything else, email us and we'll route it.