Responsible Disclosure Policy

At Leantime Systems Inc, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you’ve discovered a vulnerability, please follow the guidelines below to report it to our security team:

Report any findings using the Security Advisory Form on Github: https://github.com/Leantime/leantime/security/advisories/new

Please follow these rules when testing/reporting vulnerabilities:

Do not take advantage of the vulnerability you have discovered, for example by downloading more data than is necessary to demonstrate the vulnerability.
Do not read, modify or delete data that isn’t you own.
We ask that you do not to disclosure the problem to third parties until it has been resolved.
The scope of the program is limited to technical vulnerabilities in Leantime please do not try to test physical security or attempt phishing attacks against our employees, and so on.
Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, and do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic.
Please refrain from requesting compensation for reporting vulnerabilities. Any ackknowledgments will be available via Github

What we promise:

We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date.
If you have followed the instructions above, we will not take any legal action against you in regard to the report.
We will keep you informed during all stages of resolving the problem.
To show our appreciation for your effort and cooperation during the report, we will list your name and a link to a personal website/social network profile on the page below so that the public can know you’ve helped keep Leantime secure.

We sincerely appreciate the efforts of security researchers in keeping our community safe.

The following people have responsibly disclosed vulnerabilities to us in the past:

Akshay Gaikwad	https://www.linkedin.com/in/akshay-gaikwad-272878165
Akshay Parse	https://www.linkedin.com/in/akshay-parse-0b1176199
Anjali Prakash	https://www.linkedin.com/in/anjali-p-44ab20133/
Badal Sardhara	https://www.linkedin.com/in/badal-sardhara-9b43a41a5
Bindiya Sardhara	https://www.linkedin.com/in/bindiya-sardhara-24b1a2b4/
applefellow	https://m.facebook.com/AppleFellow
Deepesh Kumar Pandey	https://www.linkedin.com/in/beertocode/
Gourab Sadhukhan	https://www.linkedin.com/in/gourab-sadhukhan-71158216a/
Karan Keswani	https://www.linkedin.com/in/karankeswani1203/
Manish Kumar	https://www.linkedin.com/in/manishkumarofficially/
MIDHUN S	https://www.linkedin.com/in/midhun-s-8a5939150
Mohamed Kasim	https://in.linkedin.com/in/sk-mohamed-kasim-bb8538177
Mohsin khan	https://www.linkedin.com/in/mohsin-khan-7185a615b
Prashant Jadon	https://www.linkedin.com/in/prashant-jadon-50131b148
Pritam Mukherjee	https://www.linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9/
PURBASHA GHOSH	https://www.linkedin.com/in/purbasha-ghosh-18b3711a1/
Ravi Pavan	https://www.linkedin.com/in/contact-pavan/
Rohit S. Pathak	https://www.linkedin.com/in/rohit-s-pathak-7a4726199
SACHIN YADAV	https://www.linkedin.com/in/sachin-yadav-543265178/
SHOBHIT MEHTA	https://www.linkedin.com/in/shobhit-m-284053a8/
Soundar.M	https://www.linkedin.com/in/soundar-m-4647b3149/
Subhamoy Guha (Nat IT Solved Pvt Ltd)	https://www.linkedin.com/in/subhamoy-guha-220048119/
Subramanian Ramakrishnan	https://in.linkedin.com/in/subramanian-ramakrishnan-b7811014b
Sumit Sahoo	https://www.sumitsahoo.com/

Legal

Open Source

About

Follow Us