It goes without saying that product security is important to all of us. TestBalloon acts accordingly:
- TestBalloon's design puts comprehensibility and safe coding practices first.
- As an open-source project, TestBalloon's development is transparent and open to public evaluation.
- Each release undergoes a proprietary and unpublished combination of automated and manual security checks.

TestBalloon is a test framework, so it generally executes in controlled environments that are not publicly accessible over the internet.

Before reporting a vulnerability that originates in a dependency (third-party component), please verify that the vulnerability is actually exploitable in TestBalloon's context.

To report a vulnerability, please either
- open a draft security advisory, which can be privately discussed and collaborated on, or
- reach out to oliver.o456i at gmail dot com.

When we receive such reports, we will investigate and subsequently address any potential vulnerabilities as quickly as possible.