If you discover a security vulnerability in Orbit Code, please report it responsibly.
Email: security@orbit.build
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and provide a detailed response within 7 days.
Security issues in the following areas are in scope:
- Sandbox escapes (Seatbelt, Landlock, seccomp)
- Command injection vulnerabilities
- Authentication/credential handling
- File system access violations
- Network policy bypasses
We ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Do not access or modify other users' data
- Act in good faith