This repository has been archived by the owner on Jun 14, 2024. It is now read-only.

Security: elhub/devxp-sonar-phab

.github/SECURITY.md

Reporting Security Issues

Elhub takes the security and privacy of our software products and services seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

If you believe you have found a security vulnerability or privacy concern in any of our systems, please report it to us via one of the approaches described below. Please do not report security vulnerabilities through open channels such as GitHub issues or pull requests.

  • To report an issue, please use GitHub vulnerability reporting.
  • If you cannot do so, send an e-mail to post[@]elhub.no.
  • Elhub employees should follow the internal Elhub security routines.

Include as much detail as you can in your message, such as:

  • The type of the issue
  • Location of any relevant source files affected
  • Any particular configuration that is required to reproduce the issue
  • Step-by-step instructions on how to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how it might be exploited

This information will help us triage your report more quickly.

The security team will send you a response indicating any next steps required to handle your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and may ask for additional information or guidance.

Securing an Application

Developers working on an Elhub application MUST adhere to the guidelines of the Elhub Security Playbook. Note that, at this time, this is an internal document.

There aren’t any published security advisories