Moss Laboratories builds privacy-first software, and we take security reports seriously.
Do not open a public GitHub issue for security vulnerabilities.
Report them privately instead:
- Email: moss_apps@proton.me
Please include:
- A description of the issue and its impact
- Steps to reproduce (a proof of concept if possible)
- The affected app/component and version
We aim to acknowledge receipt within 72 hours and to send a status update within 7 days.
This policy covers the source in this repository (the Moss ecosystem landing site). Each Android app — Flick, Latch — is maintained in its own repository; report app-specific issues against the relevant repo:
- Flick: moss-apps/Flick
- Latch: moss-apps/Latch
Only the latest release of each component receives security fixes.