Maintained by: Marshmallow.Projects
Application: RavenCo – Open Source Secure Chatting Platform
At RavenCo, security is a top priority. We welcome security researchers, ethical hackers, and contributors to report any vulnerabilities. Responsible disclosure helps us maintain a secure and trustworthy platform for our users.
If you discover a security vulnerability, please do not open a public issue. Instead, follow this responsible disclosure process:
-
Reach us directly:
Send a detailed report to one of official social media channel
Facebook | Instagram -
Include the following details and send as a PDF file:
- Description of the vulnerability
- Steps to reproduce (PoC if possible)
- Affected components or code snippets
- Severity rating (your estimation)
- Any temporary workarounds (if applicable)
-
Do not disclose publicly until we have verified and patched the issue.
- Acknowledgment within 48 hours
- Initial assessment within 5 business days
- Fixes or mitigation will be prioritized based on severity
We reward:
- High-impact findings
- Clear, well-documented reports
- Respect for user privacy and data
- Don’t run automated scanners without permission
- Don’t attempt to access user data
- Don’t perform denial-of-service (DoS) attacks
- Don’t exploit the vulnerability in any way
Marshmallow.Projects reserves the right to reward exceptional discoveries with recognition, swag, or even financial compensation (at our discretion). Stay tuned for our upcoming bug bounty program.
Your effort strengthens RavenCo and our broader ecosystem. We’re building a secure communication future — with your help.