Security Policy
Confidentiality, Integrity, and Availability
We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, particularly in areas relating to DoS and resource exhaustion, is also a serious security concern. The Fuency developer takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner.
Note that we do not currently consider the default settings for Fuency to be secure-by-default. It is necessary for operators to explicitly configure settings, role-based access control, and other resource-related features in Fuency to provide a hardened Fuency environment. We will not act on any security disclosure that relates to a lack of safe defaults. Over time, we will work towards improved safe-by-default configuration, taking into account backwards compatibility.
Reporting a Vulnerability - Private Disclosure Process
Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Fuency privately, to minimize attacks against current users of Fuency before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.
These Terms constitute the entire agreement between you and Fuency and supersede all prior or contemporaneous agreements or understandings.
Contact Us
If you have any questions or concerns about these Terms, please contact us at [support@fuency.com].
By using the Fuencywebsite and its services, you acknowledge that you have read, understood, and agree to be bound by these Terms.