Reporting Elementum security issues.
If you’ve found a security issue, thank you! We appreciate your help. This page describes how we handle security issues and how to best contact us.
How Elementum approaches security issues.
First we want to make it clear: Elementum SCM Inc, will not take any legal or intimidatory action for reporting security vulnerabilities. We do ask, however, to be responsible and avoid destroying, tampering or doing any action that might hamper the service or disclose private information of others.
We take security seriously, and we will make an effort to respond as fast as possible.
We will start working on reproducing the issue and will contact you if we need additional information to help us do so. We don't require require a proof of concept exploit or any proof of exploitability, but any information you can share up front is helpful.
We know and understand that it is important to you that the issue is addressed promptly. It's important for us too. Once we confirm and triage the issue, we'll come up with a plan and let you know our expected timeline. We try to respond to issues within a few hours. Some issues, of course, might take longer.
Once the issue is fixed, we'll deploy the patch.