At JobBridge, security is our highest priority. As a platform serving minors and managing personal data, we take vulnerabilities extremely seriously. This document outlines our security policies and the exact procedure for reporting any security issues you may find.

We actively provide security updates for the latest version of the main branch and the current production deployment. We do not support security patches for old versions, outdated forks, or community-maintained branches.

DO NOT open a public GitHub Issue for security vulnerabilities. Public disclosure puts our users at risk before a patch can be deployed.

If you have discovered a security vulnerability in JobBridge, please report it immediately via email:

📧 Email: rezan@jobbridge.app

To help us resolve the issue as quickly as possible, please include the following details in your email:

• A description of the vulnerability and its potential impact.
• Step-by-step instructions to reproduce the issue.
• Details of the environment where the vulnerability was found (e.g., browser version, OS).
• Any relevant logs, screenshots, or code snippets.

1. Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
2. Investigation: Our team will investigate the issue and determine its severity and impact.
3. Updates: We will provide regular updates on our progress toward a fix.
4. Resolution: Once the vulnerability is patched, we will notify you and deploy the fix to production immediately.

Currently, JobBridge does not operate a formal bug bounty program with financial compensation. However, we deeply appreciate the efforts of security researchers and developers who help keep our platform safe. With your permission, we will gladly acknowledge your contribution in our release notes and hall of fame.

Thank you for helping keep JobBridge secure for everyone.