# Security Policy

## Our Commitment
Security awareness is at the heart of this project. We are committed to maintaining the security of our codebase and ensuring that our educational tools are not misused.
## Purpose
This project exists to educate users about QR code security risks (quishing). We believe in:
- Responsible disclosure of security vulnerabilities
- Ethical security research and education
- Transparency in our security practices
- Protecting users from real-world threats
## Supported Versions
We currently support the following versions with security updates:
| Version | Supported |
|---|---|
| Latest | ✓ Supported |
| < Latest | ✗ Not Supported |
We recommend always using the latest version of the project.
## Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability in this project, please help us protect our users by reporting it responsibly.
### ⚠️ Important
Please DO NOT report security vulnerabilities through public GitHub issues.
### How to Report
Instead, please report them via:
1. LinkedIn: Arvid Berndtsson
2. Contact via LinkedIn for security-related issues
### What to Include
When reporting a vulnerability, please include:
- Description: A clear description of the vulnerability
- Impact: What could an attacker accomplish with this vulnerability?
- Steps to Reproduce: Detailed steps to reproduce the issue
- Proof of Concept: If applicable (but please don't exploit the vulnerability)
## Security Best Practices

### For End Users
When scanning QR codes:
- Always verify the destination URL before proceeding
- Use QR scanner apps with URL preview features
- Be cautious of QR codes in public places or from unknown sources
- Don't enter sensitive information immediately after scanning
### For Project Users
When using this project's tools:
- Only use for educational purposes - never create malicious QR codes
- Clearly communicate the educational intent when running awareness campaigns
- Obtain proper permissions before deploying QR codes in any physical location
- Follow all applicable laws in your jurisdiction
## Legal Notice

This project is for educational purposes only. Any malicious use of the tools provided:
- Is prohibited by our Code of Conduct
- May violate laws in your jurisdiction
- Could result in criminal or civil liability
- Will be reported to the appropriate authorities