Skip to content

Security: mossland/Projects

SECURITY.md

Security Policy

Scope

This is the default security policy for public repositories owned by the mossland GitHub account. It applies to any repository under this account that does not publish its own SECURITY.md; a repository-level policy always takes precedence over this document. It is written for external security researchers and for users of the code published here.

Some repositories under this account are historical references — legacy token contracts, for example — and may not be actively maintained. Reports about deployed legacy contracts are still welcome at the same email address given below.

Reporting a vulnerability

Do not open a public GitHub Issue for a suspected vulnerability, and do not disclose publicly before coordination.

Where the affected repository shows a Report a vulnerability button under its Security tab, use it — the report reaches the maintainer privately.

If that button is not present, or you prefer email, write to [email protected] — the published Mossland security contact. Never put reproduction steps, secrets, exploit code, or an actionable attack path in a public issue or pull request.

A useful report includes:

  • the affected repository and the version or commit — or, where relevant, the address of the deployed contract;
  • impact and a plausible abuse scenario;
  • reproduction steps or proof-of-concept;
  • disclosure constraints and credit preference.

Handling expectations

What to expect: acknowledgment of your report, private triage, and coordinated disclosure where appropriate. Repositories under this account are maintained on a best-effort basis; there is no guaranteed response time.

There aren't any published security advisories