Vulnerability Disclosure
We welcome reports where you believe that our software contains weaknesses or vulnerabilities. We take all reports seriously and will review them thoroughly. Assessments may take some time, so we ask that finders be patient.
Contact Method
The published contact method will initially be e-mail using the security@openenergi.com address. You can find encryption key information in the security.txt file that we have published.
When submitting a disclosure, please be as detailed as possible to help us reproduce the vulnerability. Please encrypt your message or provide a secure transfer method if your disclosure contains sensitive information.
Expectations
Finders should:
1. Not cause any irreparable damage, especially concerning data.
2. Information regarding any identified weakness or vulnerability must not be disclosed publicly until it has been remediated and discussed with Open Energi.
3. Respect Privacy. Finders must cease all testing and contact Open Energi if they gain access to sensitive or personal data.
4. Be patient. We will endeavour to contact all finders.
Open Energi will:
1. Communicate with Finders. Where possible, we will provide them with the outcomes and remediation of the reported finding.
2. Open Energi will endeavour to assess any reported vulnerability and make initial contact with the Finder within five working days.
3. Respect finders who responsibly disclose vulnerabilities. Be as transparent as we can in good faith.