If you discover a security vulnerability within make-it-oss, please report it by contacting The Architech Team. We take security seriously and will respond promptly to your report.

• Acknowledgment: You can expect an acknowledgment of your report within 48 hours.
• Updates: We will provide updates on the status of your report as we investigate and address the issue.
• Resolution: If the vulnerability is confirmed, we will work to resolve it as quickly as possible and inform you once a fix has been deployed.

The following document describes various aspects of make-it-oss security. This will continue to evolve alongside our development process, and nothing here is considered final. We appreciate any and all feedback.

At the time of writing, make-it-oss has not undergone any third-party security audits. As a matter of policy, we will not publish these reports publicly until we have completed our internal review process.

Currently, make-it-oss does not have a paid bug bounty program due to financial constraints. We expect this to change in the future; however, there are no guarantees. Retrospective grants may be considered on a case-by-case basis for significant vulnerabilities reported during this period.