pycolmap

Security Address

Open SCH227 opened this issue 2 years ago • 4 comments

Hello!

I may have found a security issue in the latest version of pycolmap. Following responsible disclosure, is there an email or other private channel where I could share the details? Thank you.

SCH227, Oct 18 '23 20:10

You can find my email on my website or in the git logs of this repo.

sarlinpe, Oct 18 '23 20:10

Your email on your personal website is the Security Channel of the pycolmap project? I recommend adding a SECURITY.md file in your repo so reporters have clear instructions on how to handle disclosures.

SCH227, Oct 18 '23 20:10

We've never faced this before so, no, we don't have a proper process - but we'll consider adding one, thank you. In the meantime our inbox is open: https://github.com/colmap/pycolmap/blob/03f610f17924cf44a50a02222fe402095cb20571/pyproject.toml#L12-L14 (update to email addresses in a pending PR)

sarlinpe, Oct 18 '23 23:10

Emailed. Thank you for your awesome project!

SCH227, Oct 19 '23 13:10