Responsible Disclosure

If you discover a security vulnerability in Pybara, we ask that you report it responsibly. We take all reports seriously and will respond promptly.

Email security@pybara.com with:

  • A clear description of the vulnerability
  • Steps to reproduce or proof-of-concept (where applicable)
  • Your assessment of the potential impact
  • Your contact details (optional, for follow-up)

We aim to acknowledge reports within 48 hours and provide a status update within 7 days.

The following are in scope:

  • Pybara payment canisters (blackhole and admin)
  • Pybara Wallet (pybara.io)
  • Pybara WooCommerce plugin
  • Pybara SDK and UX libraries

The following are out of scope:

  • Social engineering or phishing attacks
  • Denial of service (DoS/DDoS)
  • Issues in third-party dependencies not directly exploitable in Pybara
  • Bugs without a realistic security impact

Our commitments to researchers:

  • We will not take legal action against researchers acting in good faith
  • We will keep you informed of progress toward a fix
  • We will credit you in the disclosure (if you wish) once the issue is resolved
  • We will work to resolve confirmed vulnerabilities as quickly as possible

We follow a coordinated disclosure model. Please give us reasonable time to investigate and patch before publishing details publicly. We aim to resolve critical issues within 30 days.