BuzzU is a security-sensitive communication platform. Please report vulnerabilities responsibly.
Please do not open a public issue for unpatched vulnerabilities.
Instead, report security issues privately through the official repository security workflow at buzzu-p2p/BuzzU or by contacting the founder directly at md.wasif.faisal@g.bracu.ac.bd.
In your report, include:
- affected component
- steps to reproduce
- expected impact
- proof of concept if available
- suggested mitigation if known
Security reports are especially welcome for:
- identity and authentication flaws
- Nostr signing and verification issues
- WebRTC signaling weaknesses
- trust and safety bypasses
- privacy leaks
- relay abuse vectors
- edge worker misconfiguration
The project aims to:
- acknowledge valid reports quickly
- reproduce and assess impact
- patch critical issues before public disclosure
- credit responsible reporters when appropriate
Good-faith security research intended to improve BuzzU will be treated respectfully.