Security Policy

Reporting Security Issues

We take the security of Striae seriously. If you believe you have found a security vulnerability, please report it to us responsibly.

You may:

  1. Email security findings to: info@striae.org
  2. Submit a security issue on GitHub
For encryption, please use our PGP key

Disclosure Process

  • After we receive your report, we will:
    • Acknowledge receipt within 48 hours.
    • Provide updates as we investigate and remediate the issue.
    • Notify you when the vulnerability is resolved and, if desired, credit you for your responsible disclosure.
  • Where possible, we aim to resolve valid vulnerabilities within 30 days and will keep you informed of progress.

Researcher Responsibilities

  • Guidelines:
    • Do not access, modify, or delete user data without authorization.
    • Avoid actions that could degrade, disrupt, or damage Striae services.
    • Do not use automated scanning tools that generate a significant amount of traffic or requests.
    • Comply with all applicable laws and regulations.
  • Safe Harbor:
    • Activities in good faith, consistent with this policy and intended to improve Striae security, will not be subject to legal action or account restriction. If legal action is initiated by a third party, Striae will make it clear that your actions were conducted under this policy.

Scope

This policy applies to all Striae properties including:

  • https://www.striae.org
  • All Striae subdomains
  • Striae web application (current version only)

Out of Scope

  • DoS/DDoS attacks
  • Spam or social engineering
  • Physical security attacks
Last updated: September 1, 2025