Security Disclosure Policy

Responsible Disclosure

At Libre Labs, we take security seriously - both for our clients and for our own systems. We welcome and appreciate security researchers who report vulnerabilities responsibly.

Reporting a Vulnerability

If you’ve discovered a security vulnerability in any Libre Labs system or service, please report it to us privately:

Email: security@librelabs.net

Please include the following in your report:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any suggestions for remediation (optional)

Our Commitment

When you report a vulnerability to us, we commit to:

• Acknowledge your report within 48 hours
• Investigate the issue promptly and keep you informed of our progress
• Remediate confirmed vulnerabilities in a timely manner
• Credit you publicly (if desired) once the issue is resolved
• Not pursue legal action against researchers acting in good faith

Scope

This policy covers:

• The librelabs.net website and associated services
• Any client-facing systems operated by Libre Labs
• Internal tools and infrastructure

Out of Scope

• Social engineering attacks against Libre Labs staff
• Denial of service attacks
• Physical security testing
• Third-party services not operated by Libre Labs

Guidelines

We ask that security researchers:

• Do not access, modify, or delete data belonging to others
• Do not disrupt our services or degrade the experience for our users
• Allow us reasonable time to remediate before any public disclosure
• Act in good faith to avoid privacy violations and disruptions

Thank you for helping keep Libre Labs and our clients safe.