Security: awesomeerictech/DigitalBloom

SECURITY.md


Security Policy

Reporting Security Vulnerabilities

We take the security of DigitalBloom seriously and appreciate responsible disclosure.

If you believe you have discovered a security vulnerability in DigitalBloom, do not report it publicly via GitHub Issues, Discussions, or social media.

Report privately to:

📧 stratetacticallimited@gmail.com

Email subject: DigitalBloom Security Report – <short description>


What to Include in Your Report

Please include as much of the following information as possible:

  • Affected platform: Android or Windows
  • DigitalBloom version (e.g. v27.10)
  • Steps to reproduce the issue
  • Expected behavior vs actual behavior
  • Impact assessment (what an attacker could realistically do)
  • Proof of concept, logs, or screenshots (if available)
  • Any suggested mitigation or workaround
  • Your contact details for follow-up

If sensitive data is involved, please redact unnecessary personal or business information.


Response Timeline

Once a valid security report is received, we aim to follow this timeline:

  • Acknowledgement: within 48 hours (business days)
  • Initial assessment: within 7 calendar days
  • Mitigation or fix:
    • Critical issues: as soon as feasible, typically within 30 days
    • Non-critical issues: scheduled for a future release
  • Coordinated disclosure: after a fix or agreed mitigation is available

Timelines may vary depending on complexity and platform constraints.


Severity Classification

We classify vulnerabilities as follows:

  • Critical: Remote code execution, full system compromise, or bypass of major security controls.
  • High: Privilege escalation, sensitive data exposure, or major service disruption.
  • Medium: Limited data leakage or abuse requiring specific conditions.
  • Low: Minor issues with minimal security impact.

Severity classification will be communicated during assessment.


Supported Versions

Security updates are provided for the latest released version (currently v27.10).

Older versions may not receive fixes unless the issue is critical.

Users are strongly encouraged to upgrade to the latest release.


Binary-Only Considerations

This repository distributes compiled binaries only.

  • Fixes are delivered through new binary releases
  • Source code is not publicly available in this repository
  • Some security reviews or audits may be handled under commercial or NDA terms

For details, see BINARY_ONLY.md.


Responsible Disclosure

We request that reporters:

  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
  • Do not publicly disclose issues before coordinated resolution
  • Act in good faith to protect users and businesses

We are committed to respectful, professional collaboration with security researchers.


Contact & Escalation

Primary contact: 📧 stratetacticallimited@gmail.com

If you do not receive acknowledgement within 48 hours, you may resend the report or use an alternative contact channel provided by Stratetactical / STL Limited.


Thank you for helping keep DigitalBloom secure and reliable.


There aren’t any published security advisories