The Open Review Initiative (ORI) Technical Steering Committee takes security seriously. We strive to design secure software, and use continuous integration and code analysis to help identify potential vulnerabilities.
The Shared Platform — including the Review Plugin API (rpa) and related
plugins — is designed to be embedded in third-party review applications and
to load community-authored plugins and session data. Users should exercise
caution when working with untrusted plugins, session files, or media
references. We take every precaution to read only valid data, but no code
is immune to every exploit.
Quickly resolving security issues is a priority. To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.
Include detailed steps to reproduce the issue, and any other information that could aid an investigation. Someone will assess the report and make every effort to respond within 14 days.
Do not report security vulnerabilities through public GitHub issues, the ASWF Slack, or the project mailing list.