bitua/snitch

Files

Karol Broda 57d592408d chore: add coc, contibution, and security documents for community guidelines (#31 )

2026-01-01 20:58:14 +01:00

1.6 KiB

Raw Permalink Blame History

Security Policy

Supported Versions

Version	Supported
latest	✅
< latest	❌

i recommend always using the latest version of snitch.

Reporting a Vulnerability

if you discover a security vulnerability, please report it responsibly:

do not open a public issue for security vulnerabilities
email the maintainer directly or use github's private vulnerability reporting
include as much detail as possible:
- description of the vulnerability
- steps to reproduce
- potential impact
- suggested fix (if any)

What to Expect

acknowledgment of your report within 48 hours
regular updates on the progress of addressing the issue
credit in the release notes (unless you prefer to remain anonymous)

Security Considerations

snitch reads network socket information from the operating system:

linux: reads from /proc/net/* which requires appropriate permissions
macos: uses system APIs that may require elevated privileges

snitch does not:

make network connections (except for snitch upgrade which fetches from github)
write to system files
collect or transmit any data

Scope

the following are considered in-scope for security reports:

vulnerabilities in snitch code
insecure defaults or configurations
privilege escalation issues
information disclosure beyond intended functionality

out of scope:

social engineering attacks
issues in dependencies (report to the upstream project)
issues requiring physical access to the machine