Responsible Disclosure
The security of Ilm Al Lughah and our users' data is extremely important to us. If you've discovered a security vulnerability on our platform, we appreciate your help in disclosing it responsibly. We follow a responsible disclosure approach, which means we ask that you report vulnerabilities privately to our team before sharing them publicly, giving us time to investigate and fix the issue.
How to Report a Vulnerability
If you believe you've found a security vulnerability, please email our security team at security@ilmallughah.com. In your report, please include: 1) A clear description of the vulnerability. 2) Steps to reproduce the issue. 3) The potential impact of the vulnerability. 4) Any suggestions for how to fix it. 5) Your contact information so we can follow up. Please do not exploit the vulnerability beyond what's necessary to demonstrate it — do not access other users' data, modify platform content, or disrupt the service.
What to Expect After Reporting
After you submit a vulnerability report, our team will: 1) Acknowledge receipt within 48 hours. 2) Investigate the reported vulnerability and assess its severity. 3) Keep you updated on our progress in addressing the issue. 4) Notify you when the vulnerability has been fixed. 5) Credit you in our security acknowledgments (if desired). We aim to resolve critical vulnerabilities within 7 days and other issues within 30 days.
Scope & Exclusions
Our security reporting program covers vulnerabilities in the Ilm Al Lughah web application, API, and authentication flow. Out of scope are: denial-of-service attacks, social engineering of our staff, vulnerabilities in third-party services we use (report these to the respective provider), and self-XSS or issues that require unlikely user interaction. We appreciate the security research community's efforts in helping us keep our platform safe for all learners.