Skip to content

Security: HuginCyber/Hugin

Security

SECURITY.md

Security Policy

Reporting Vulnerabilities

If you find a security vulnerability in Hugin, do not open a public issue.

Instead, report it responsibly:

  1. Email: security@hugin.nu
  2. Subject: [SECURITY] Brief description
  3. Include: version, platform, steps to reproduce, impact assessment

We will acknowledge within 48 hours and aim to patch critical issues within 7 days.

Scope

  • Hugin desktop application (all platforms)
  • hugin.nu website and API
  • License/payment infrastructure

Out of Scope

  • Vulnerabilities in targets you are testing with Hugin
  • Social engineering attacks
  • Denial of service against hugin.nu

Recognition

We credit researchers who report valid vulnerabilities (unless you prefer to remain anonymous).

There aren't any published security advisories