At Lum Network, we take the security of our products seriously. We appreciate the community of users and security researchers who contribute to the security of our software by discovering and reporting vulnerabilities.
We understand that the safety of your data and systems is crucial, and we're committed to ensuring that our system is as secure as possible.
If you believe you've discovered a security vulnerability in our software, we ask you to send us a private report so we can assess and respond effectively.
Please do not report security vulnerabilities through public GitHub issues, as we want to ensure that any potential vulnerabilities are handled discreetly to minimize potential risks.
To report a vulnerability, please send an email to security@lum.network.
In your report, please include:
- A brief description of the potential vulnerability.
- Steps to reproduce the issue (if applicable).
- Any supporting materials like screenshots, logs, or scripts that demonstrate the vulnerability.
Your responsible disclosure is much appreciated and we will make every effort to acknowledge your emails within 48 hours.
Once a report is sent to security@lum.network, the following process is triggered:
- A confirmation email will be sent to acknowledge that we have received the vulnerability report.
- Our security team will then investigate the issue to understand the impact and severity.
- If necessary, we will work to promptly release an update, or patch, to fix the vulnerability.
We will keep you updated throughout the investigation and resolution process.
We thank you in advance for your patience as we work to resolve the issue.
While we greatly appreciate the efforts of security researchers and believe in recognizing their hard work, please note that we do not guarantee any rewards for reported vulnerabilities. Any decision to grant a reward is at the discretion of Lum Network and will be considered on a case-by-case basis.
We appreciate and acknowledge the contributions of security researchers. After a vulnerability in our software has been determined and a patch has been released, we will publicly acknowledge your responsible disclosure.
However, public disclosure of the vulnerability details without express written consent from Lum Network is strictly prohibited.