Reporting any potential vulnerabilities is strongly encouraged.
If you suspect a vulnerability, please take the following steps:
- Contact the team at harshith at tegon.ai.
- Include a comprehensive description of the potential vulnerability and steps to reproduce the issue, if possible. The more information you can provide, the quicker Tegon can address the problem.
You can expect a response to your initial report within one business day. While the core team works on addressing the issue, please maintain confidentiality about the vulnerability to ensure the security of all users. Please refrain from exploiting the vulnerability or revealing the problem to others.
While Tegon doesn't have a formal bug bounty program right now due to the project's nascent stage, rest assured that:
- You will get a response within one business day.
- Your report and all accompanying data will receive the highest level of confidentiality.
- Your contribution is greatly appreciated, and Tegon would acknowledge your role in the vulnerability fix, if you opt for identification.
- Tegon will grant you permission to publicly discuss your findings once users have had a reasonable time to apply the patch after it becomes available.
- Tegon guarantees not to pursue any legal action as long as the vulnerability is not exploited.
Efforts are continually made to enhance the security of the product. If you have any recommendations or feature request that could enhance the product's security, please share them via the discussion forum.