Security: IBN5100-0/simple-lan-scanner

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

We take the security of Simple LAN Scanner seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to the project maintainer. You can find contact information in the git commit history.

Please include the following information:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it

What to Expect

  • We will acknowledge your email within 48 hours
  • We will provide a more detailed response within 7 days
  • We will work on fixing the vulnerability and will keep you informed of our progress
  • We will credit you for the discovery (unless you prefer to remain anonymous)

Security Best Practices

When using Simple LAN Scanner:

  1. Run with Minimal Privileges: Only run with administrator/root privileges when necessary
  2. Keep Updated: Always use the latest version for security patches
  3. Secure Storage: Ensure device data files are stored securely with appropriate permissions
  4. Network Isolation: Use on trusted networks only
  5. Review Permissions: Regularly review file and directory permissions

Disclosure Policy

When we receive a security report, we will:

  1. Confirm the vulnerability
  2. Determine the affected versions
  3. Develop a fix
  4. Release a patch
  5. Publicly disclose the vulnerability (crediting the reporter unless they wish to remain anonymous)

We aim to handle all security issues within 30 days of disclosure.

There aren't any published security advisories