Security & Vulnerability Disclosure

AskOro takes security seriously. If you discover a vulnerability, we ask that you report it responsibly so we can address it before it affects users.

How to Report

• •Email: security@askoro.dev
• •Include: description of the vulnerability, steps to reproduce, potential impact
• •We will acknowledge receipt within 48 hours and provide a fix timeline

Our Commitments

• •We will not take legal action against researchers who report in good faith
• •We will keep you informed of our progress
• •We will credit you in our changelog if you wish (optional)
• •We aim to resolve critical issues within 7 days, others within 30 days

Responsible Disclosure Guidelines

• •Give us 90 days to fix before public disclosure
• •Do not access, modify, or delete user data
• •Do not perform denial of service attacks
• •Do not use social engineering against our team or users

Out of Scope

• •Theoretical vulnerabilities without proof of concept
• •Issues in third-party services we use (report directly to them)
• •Rate limiting on non-sensitive endpoints