Security: Koukobin/Ermis

SECURITY.md

Security Policy

I pride Ermis in its security. For Ermis, security isn't just a feature — it's a cornerstone, and I stake its very reputation on it.

In a world where our privacy is perpetually undermined and our personal data has become the currency of the tech world — from tech giants exploiting our data for targeted advertisement to utilizing it to train their LLMs — people deserve something in which they can bestow their trust: a communication platform that is not plagued by constant advertising and is free of privacy concerns.

Hence Ermis: a secure and open-source messaging platform for real-time communication — and since security is one of its primary selling points, I am determined to ensure that it stays up-to-date with the latest best practices and recommendations in the field of cybersecurity, and I can only accomplish that with your help!

In essence, this document briefly outlines how to report vulnerabilities responsibly and how to assist me in my endeavor.

Reporting a Vulnerability

If you believe you have found a security vulnerability in this project, please do not file a public issue or pull request. Instead, email me directly at [email protected].

When you contact me, please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Affected versions of the project
  • Any suggested mitigations or workarounds, if known

Additional Security Practices

If you plan to contribute to the project, please consider the points made here:

  • Please ensure that any external dependency you add is not affected by any severe security vulnerability.
  • Please do not store any sensitive credentials or secrets within the source code.
    For obvious reasons, this is a recipe for disaster.

Acknowledgments

Contributors who responsibly disclose security issues can be assured they will be publicly acknowledged with their consent.

I sincerely thank you for your contribution in helping to make this project safer for everyone involved! Your involvement is essential!

There aren’t any published security advisories