Our primary goal is to ensure the protection and confidentiality of sensitive data stored by users of the React Native LLM Chat Template.

We appreciate the community's interest in identifying potential vulnerabilities. However, effective immediately, we will not accept low-effort vulnerability reports. To ensure that submissions are constructive and actionable, please adhere to the following guidelines:

Any reports or solicitations arriving from sources other than our designated GitHub repository will be dismissed without consideration. We've seen how external engagements can dilute and compromise the integrity of community-driven projects, and we're not here to gamble with the security and privacy of our user community.

Reports not submitted through our designated GitHub repository will be disregarded, and we will categorically reject invitations to collaborate on external platforms. Our aggressive stance on this matter underscores our commitment to a secure, transparent, and open community where all operations are visible and contributors are accountable.

1. No Vague Reports: Submissions such as "I found a vulnerability" without any details will be treated as spam and will not be accepted.

2. In-Depth Understanding Required: Reports must reflect a clear understanding of the codebase and provide specific details about the vulnerability, including the affected components and potential impacts.

3. Proof of Concept (PoC) is Mandatory: Each submission must include a well-documented proof of concept (PoC) that demonstrates the vulnerability. If confidentiality is a concern, reporters are encouraged to create a private fork of the repository and share access with the maintainers. Reports lacking valid evidence will be disregarded.

4. Required Patch Submission: Along with the PoC, reporters must provide a patch or actionable steps to remediate the identified vulnerability. This helps us evaluate and implement fixes rapidly.

5. Streamlined Merging Process: When vulnerability reports meet the above criteria, we can consider them for immediate merging, similar to regular pull requests. Well-structured and thorough submissions will expedite the process of enhancing our security.

Non-compliant submissions will be closed, and repeat violators may be banned. Our goal is to foster a constructive reporting environment where quality submissions promote better security for all users.

We regularly audit our internal processes and system architecture for vulnerabilities using a combination of automated and manual testing techniques. We are also planning to implement SAST and SCA scans in our project soon.

For immediate concerns or detailed reports that meet our guidelines, please:

• Create an issue in our GitHub issue tracker
• Email security reports to: direct@bandpey.com

Note: Only reports submitted through our designated GitHub repository or the official email address will be considered. All other channels will be disregarded.