Responsible Disclosure Policy
At Hyve5 Inc DBA Leantime, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you’ve discovered a vulnerability, please follow the guidelines below to report it to our security team:
- Report any findings using the Security Advisory Form on Github: https://github.com/Leantime/leantime/security/advisories/new
Please follow these rules when testing/reporting vulnerabilities:
- Do not take advantage of the vulnerability you have discovered, for example by downloading more data than is necessary to demonstrate the vulnerability.
- Do not read, modify or delete data that isn’t you own.
- We ask that you do not to disclosure the problem to third parties until it has been resolved.
- The scope of the program is limited to technical vulnerabilities in the Leantime Application (accounts.leantime.io & *.leantime.io) please do not try to test physical security or attempt phishing attacks against our employees, and so on. The website leantime.io is out of scope.
- Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, and do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic.
- Please refrain from requesting compensation for reporting vulnerabilities. Any ackknowledgments will be available via Github
What we promise:
- We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date.
- If you have followed the instructions above, we will not take any legal action against you in regard to the report.
- We will keep you informed during all stages of resolving the problem.
We sincerely appreciate the efforts of security researchers in keeping our community safe.
The following people have responsibly disclosed vulnerabilities to us in the past:
2023
Brent Hopkins: View LinkedIn Profile
Maneesh S: View LinkedIn Profile
2022+
Akshay Gaikwad | View LinkedIn Profile |
Akshay Parse | View LinkedIn Profile |
Anjali Prakash | View LinkedIn Profile |
Badal Sardhara | View LinkedIn Profile |
Bindiya Sardhara | View LinkedIn Profile |
applefellow | View Facebook Profile |
Deepesh Kumar Pandey | View LinkedIn Profile |
Gourab Sadhukhan | View LinkedIn Profile |
Karan Keswani | View LinkedIn Profile |
Manish Kumar | View LinkedIn Profile |
MIDHUN S | View LinkedIn Profile |
Mohamed Kasim | View LinkedIn Profile |
Mohsin khan | View LinkedIn Profile |
Prashant Jadon | View LinkedIn Profile |
Pritam Mukherjee | View LinkedIn Profile |
PURBASHA GHOSH | View LinkedIn Profile |
Ravi Pavan | View LinkedIn Profile |
Rohit S. Pathak | View LinkedIn Profile |
SACHIN YADAV | View LinkedIn Profile |
SHOBHIT MEHTA | View LinkedIn Profile |
Soundar.M | View LinkedIn Profile |
Subhamoy Guha (Nat IT Solved Pvt Ltd) | View LinkedIn Profile |
Subramanian Ramakrishnan | View LinkedIn Profile |
Sumit Sahoo | View Website |