We take security seriously. If you discover a security vulnerability in Soundy, please help us protect our users by reporting it responsibly.
| Method | Contact | Response Time |
|---|---|---|
| Discord | Tronix Development | Within 24 hours |
| Private | Create a private security advisory | Within 72 hours |
When reporting a security issue, please provide:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if any)
- Environment details (OS, Node.js version, etc.)
Important: Please do NOT disclose security issues publicly until they have been reviewed and resolved.
We provide security updates for the following versions of Soundy:
| Version | Supported | Status |
|---|---|---|
| Latest (main) | Yes | Active development |
| Previous minor | Critical fixes only | |
| Older versions | No | No support |
- Automatic Updates: Recommended for security patches
- Manual Updates: Check releases regularly
- Critical Updates: Immediate notification via Discord
Tip: Always use the latest version for the best security and features.
We appreciate security researchers who help keep Soundy safe. Our commitment to you:
| Stage | Timeline | Action |
|---|---|---|
| Acknowledgment | 24 hours | Confirm receipt of your report |
| Initial Assessment | 72 hours | Evaluate severity and impact |
| Investigation | 1-2 weeks | Thorough analysis and testing |
| Resolution | 2-4 weeks | Patch development and release |
| Recognition | Post-fix | Public acknowledgment (optional) |
In Scope:
- Authentication and authorization issues
- Data validation and injection vulnerabilities
- Privilege escalation
- Information disclosure
- Denial of service attacks
Out of Scope:
- Social engineering attacks
- Physical security issues
- Third-party service vulnerabilities
- Rate limiting (unless severe)
For bot administrators and users:
- Never share your bot token publicly
- Use environment variables for sensitive data
- Rotate tokens regularly
- Monitor for unauthorized access
- Keep dependencies updated
- Use secure hosting environments
- Enable logging and monitoring
- Regular security audits
- Report suspicious activity
- Keep software updated
- Follow principle of least privilege
- Educate team members on security
Need Help with Security?
Discord Server • Email Support • Documentation
Security is everyone's responsibility - Thank you for helping keep Soundy safe!