L3RS Foundation

Security

Our approach to security and responsible disclosure.

Responsible Disclosure

The L3RS Foundation takes security seriously. If you discover a security vulnerability in the L3RS-1 specification, reference implementation, conformance test suite, or this website, we encourage responsible disclosure.

Reporting a Vulnerability

Please report security issues via email to security@l3rs.foundation. Include the following in your report:

  • Description of the vulnerability.
  • Steps to reproduce the issue.
  • Affected component (specification, reference implementation, test suite, website).
  • Any potential impact or severity assessment.

Our Commitment

  • We will acknowledge receipt of your report within 3 business days.
  • We will provide an initial assessment within 10 business days.
  • We will not take legal action against researchers who follow this responsible disclosure policy.
  • We will credit reporters in any public advisory, unless anonymity is requested.

Scope

This policy covers the L3RS Foundation website (l3rs.foundation), the L3RS-1 specification document, the reference implementation, and the conformance test suite published on the official L3RS GitHub repository.