Security

Reporting a vulnerability

Found a security issue in Nazm? Tell us privately and we'll fix it. This page is the policy referenced by our security.txt.

How to report

Email [email protected] with the subject line Nazm security report. Please include:

Report privately, and give us a reasonable chance to ship a fix before sharing the details publicly.

What to expect from us

Safe harbour

We won't pursue or support legal action against anyone who reports a vulnerability in good faith, follows this policy, and avoids privacy violations, data destruction, or service disruption while researching. Acting in good faith within the scope below, you have our authorisation to test.

Scope

In scope: the Nazm web app and its API.

Out of scope:

Please don't

No bug bounty (yet)

Nazm is an indie project in public alpha, so we can't offer cash rewards. What we can offer is a fast, respectful response, a real fix, and public credit if you want it.

Contact

Security reports and questions go to [email protected]. A real person will reply.


Last updated: