Responsible Disclosure
We take security seriously at Liasoft. If you discover a security vulnerability in covdbg or any of our services, we appreciate your help in disclosing it to us responsibly.
How to Report
Please report security vulnerabilities by emailing info@covdbg.com. Include:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions or components
- Any proof-of-concept code (if applicable)
- Your contact information for follow-up
Our Commitment
When you report a vulnerability, we commit to:
- Acknowledge your report within 2 working days (excluding national holidays)
- Investigate and validate the issue promptly
- Keep you informed about our progress
- Credit you (if desired) when we publish a fix
- Not pursue legal action against good-faith security researchers
Guidelines
To qualify for responsible disclosure:
- Do not access or modify data belonging to other users
- Do not perform actions that could harm our services or users
- Do not publicly disclose the vulnerability before we’ve had time to address it
- Make a good faith effort to avoid privacy violations and service disruption
Scope
This policy applies to:
- covdbg desktop software
- VS Code and Visual Studio extensions
- covdbg.com website and services
- License server and update infrastructure
Recognition
We maintain a hall of fame for security researchers who have helped improve our security. With your permission, we’ll add your name to this list.
Thank you for helping keep covdbg and our users safe.