If you discover a security vulnerability in Lomito, please report it responsibly.
Email: security@lomito.org
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response Timeline:
- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Fix timeline: depends on severity
Do NOT:
- Open a public issue for security vulnerabilities
- Exploit the vulnerability beyond proof-of-concept
- Access or modify other users' data
We appreciate your help keeping Lomito and its users safe.