If you discover a security vulnerability in XQL Hub, please report it responsibly:
- Report the security vulnerability only via the Security Tab in this repository. Do not create a public issue.
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond within 48 hours and work with you to address the issue.
When contributing queries, please ensure:
- No hardcoded credentials or API keys
- No internal IP addresses or hostnames
- No customer-specific data
- No proprietary detection logic that shouldn't be public
We follow responsible disclosure practices:
- We will acknowledge receipt within 48 hours
- We will provide a timeline for fixes
- We will credit researchers (unless anonymity is requested)