Simple File List Security Policy

I take the security of my users and their data seriously. If you find a vulnerability in any of my products, I encourage you to report it responsibly so that I can address it in a timely manner. Below is my official security policy, including how to report issues, what I expect from you, and what you can expect from me.

Reporting a Vulnerability

If you have discovered a security vulnerability in any version of Simple File List or its extensions, please contact me immediately to report the issue:

If you do not receive a response within 24 hours, please contact [email protected].

Please Help

When reporting a vulnerability, please include the following details:

  • A detailed description of the vulnerability and its potential impact.
  • Steps to reproduce the issue.
  • Any applicable screenshots, proof-of-concept code, or logs.

My Response

I will take the following steps upon receiving a vulnerability report:

  1. Acknowledgement: I will acknowledge your report within 24 hours.
  2. Assessment: I will assess the validity and severity of the reported issue. If further information is required, I will reach out to you for clarification.
  3. Resolution Timeline: I aim to resolve confirmed vulnerabilities as quickly as possible, depending on the complexity and severity of the issue. You will be informed of my progress throughout the process.
  4. Credit: If desired, I will publicly acknowledge your contribution once the issue is fixed and released, unless you request anonymity.
  5. Confidentiality: I request that you refrain from disclosing the vulnerability publicly until I have had a reasonable amount of time to address it.

Guidelines for Researchers

I ask that security researchers adhere to the following principles:

  • Responsible Disclosure: Please allow me sufficient time to patch vulnerabilities before disclosing them publicly.
  • No Exploitation: Do not exploit the vulnerability beyond what is necessary to demonstrate its existence.
  • No Data Breaches: Do not access, modify, or delete data belonging to others without permission.

Scope of the Policy

This policy covers vulnerabilities in:

  • Simple File List (SFL) Free and Pro Versions
  • SFL Pro Extensions (Search, Access, Email)

Vulnerabilities in third-party services (e.g., web hosting providers or libraries used by SFL) are out of scope for this policy. However, if you discover a vulnerability related to third-party services, I encourage you to notify the respective parties.

Security Acknowledgements

I am grateful to security researchers who help us all to improve our products.

Changes to This Policy

I may update this policy from time to time. Any changes will be posted on this website.