Skip to content

Security: Juanpabloan5605/EORMC

Security

SECURITY.MD

Security Policy

Supported Versions

This repository contains documentation and public technical references for Eormc Exchange. For platform security issues, refer to the reporting process below.

Reporting a Vulnerability

If you discover a security vulnerability related to Eormc Exchange's platform, API, or infrastructure, do not open a public GitHub issue.

Report it directly to our security team:

📧 support@eormc.org

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce or proof-of-concept (if applicable)
  • Potential impact assessment
  • Your contact information (optional, for follow-up)

Response Timeline

Stage Timeframe
Acknowledgement Within 48 hours
Initial assessment Within 5 business days
Status update Within 14 business days
Resolution (critical) As soon as possible

Scope

In scope:

  • Eormc Exchange platform and trading infrastructure
  • API endpoints (REST / WebSocket)
  • Authentication and account security mechanisms
  • Fund custody and wallet infrastructure

Out of scope:

  • Third-party services and integrations
  • Social engineering attacks
  • Physical security
  • Issues already publicly disclosed

Disclosure Policy

Eormc follows a coordinated disclosure model. We ask that you give us reasonable time to investigate and remediate before any public disclosure. We commit to keeping you informed throughout the process.

We do not currently operate a formal bug bounty program, but we recognize significant contributions at our discretion.

Contact

For non-security inquiries: eormc.org

There aren't any published security advisories