Security: TechParaglide/Rollout.io

SECURITY.md

Security Policy

We take security seriously at Rollout.io. However, please note that this is an academic project designed and maintained by final-year engineering students.

While we do not host a commercial bug bounty program, we appreciate responsible disclosures to help us keep our users safe and learn best practices.


Reporting a Vulnerability

If you discover a security vulnerability, please do not report it publicly through GitHub Issues or Discussions.

Instead, report it privately:

  • Email: rollout@paraglide.in
  • Please include:
    • A description of the vulnerability.
    • A proof of concept (PoC) or clear steps to reproduce the issue.
    • The potential impact of the exploit.

Response Process

Because we manage this project alongside our academic schedules and coursework, we commit to the following response timeline:

  1. Acknowledgement: We will acknowledge your email within 48 to 72 hours.
  2. Evaluation and Patching: We will evaluate the vulnerability and develop a patch as quickly as possible.
  3. Notification: We will notify you once the patch has been tested and merged into the main repository.

Thank you for practicing responsible disclosure and supporting student-led open-source software.
