Skip to content

Security: moss-apps/moss

Security

SECURITY.md

Security Policy

Moss Laboratories builds privacy-first software, and we take security reports seriously.

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Report them privately instead:

Please include:

  • A description of the issue and its impact
  • Steps to reproduce (a proof of concept if possible)
  • The affected app/component and version

We aim to acknowledge receipt within 72 hours and to send a status update within 7 days.

Scope

This policy covers the source in this repository (the Moss ecosystem landing site). Each Android app — Flick, Latch — is maintained in its own repository; report app-specific issues against the relevant repo:

Supported Versions

Only the latest release of each component receives security fixes.

There aren't any published security advisories