We take the security of Bombshell software seriously. We appreciate responsible disclosure and collaboration from the community.
If you believe you’ve found a security issue in Bombshell software, please do not open a public issue.
Instead, email us at [email protected] and include:
- A clear description of the issue
- Steps to reproduce (if possible)
- Any proof of concept or affected components
- Your preferred contact method
We’ll acknowledge receipt within a few business days and keep you informed as we investigate.
- We’ll respond quickly and handle your report confidentially.
- We won’t take legal action against good-faith research.
- We’ll verify and fix confirmed issues promptly.
- We’ll publicly acknowledge your contribution if you’d like.
This policy covers Bombshell-maintained projects and infrastructure, including:
- Code in repositories under the bombshell-dev organization
- The bomb.sh domain
If the issue affects a third-party dependency, please report it directly to that project’s maintainers.