At Conviso, we value the security community and believe that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

This project adopts recommendations from the OpenSSF Best Practices Badge program.

If you believe you have found a security vulnerability, we encourage you to inform us immediately. We will investigate all legitimate reports and do our best to resolve the issue promptly.

Submit your reports to rd@conviso.com.br and reply to the report with an update. Please do not contact employees directly or through other channels regarding reports.

Whenever possible, the Conviso team may ask the person who publicly disclosed a vulnerability to address it as part of a private process, for example, if details on the exploitation of the vulnerability are not yet available.

If you have any suggestions or ideas on how to improve this process, please submit a pull request. See more information in the Contributing Guidance and if you need help contact us via our Community.