This document outlines the security policy and procedures at TagDots, Inc..
We encourage responsible disclosure of security vulnerabilities. If you find something suspicious, we encourage and appreciate your report through email to security@tagdots.com.
Please include as much of the information listed below as you can to help us better understand and resolve the issue quickly:
- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
When we receive a security vulnerability report, we will coordinate the fix and release process, involving the following steps:
- Acknowledge the security issue within 14 days.
- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Create fixes for all affected releases within 60 days.
If you have suggestions on how this process could be improved, please email us at security@tagdots.com.