We take the security of CTFKit very seriously. If you've discovered a security vulnerability in CTFKit, we appreciate your help in disclosing it to us in a responsible manner.
If you believe you've found a security vulnerability in CTFKit, please send it to us by emailing at [email protected]. We will acknowledge your email within 48 hours, and you'll receive a more detailed response to your email within 96 hours indicating the next steps in handling your report.
In the report, please include:
- Detailed steps on how to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us)
- Your name/handle and a link for recognition in our Hall of Fame (if you want it)
When we receive a security bug report, we will work on the following:
- Confirm the problem and determine the affected versions.
- Fix the problem and prepare a new release as soon as possible.
- Publicly release these security fixes in the next minor release, along with recognition for your contribution.
If you have suggestions to improve this policy, please send us an email at [email protected].
Thank you for helping keep CTFKit and our users safe!