Security

Last updated: 2026-02-09

This page describes how to report security issues for Moldable and what to expect from us.

Contact

If you discover a security vulnerability, email:

• security@moldable.sh

Please include:

• A clear description of the issue
• Steps to reproduce
• Affected versions/components
• Any proof-of-concept details and potential impact

Disclosure Policy

We request coordinated disclosure:

1. Report the issue privately by email.
2. Give us reasonable time to investigate and ship a fix.
3. Avoid public disclosure until we confirm remediation or agree on a timeline.

Safe Testing Guidelines

When testing, please:

• Avoid accessing, modifying, or deleting data that is not yours
• Avoid service disruption (DoS, resource exhaustion, spam)
• Use the minimum proof needed to demonstrate impact

Response Expectations

We aim to:

• Acknowledge reports promptly
• Triage severity and impact
• Share status updates during remediation
• Credit reporters when appropriate (if requested)

Related Resources

• Privacy policy: /legal/privacy
• Terms of service: /legal/terms