Skip to content

CODE_OF_CONDUCT.md

Latest commit

 

History

History
63 lines (46 loc) · 2.42 KB

CODE_OF_CONDUCT.md

File metadata and controls

63 lines (46 loc) · 2.42 KB

Code of Conduct

Purpose

This project exists to advance defensive security by teaching practitioners how identity-verification controls can be assessed under authorization. Everyone who interacts with this repository — contributors, readers, and users — is expected to act responsibly and ethically.

Expected behavior

  1. Authorized use only. Apply the techniques in this repository only to applications and systems you own or have explicit written permission to test. Never target third-party apps, services, or users without authorization.

  2. Use synthetic data. Use your own face, AI-generated images, or fabricated documents for testing. Never use real individuals' biometric data or identity documents without their informed consent.

  3. Respect the law. Comply with all applicable laws and regulations in your jurisdiction. If you are unsure whether an activity is lawful, stop and consult a qualified attorney before proceeding.

  4. Be professional. Engage with other community members respectfully. Harassment, discrimination, doxxing, and personal attacks are not tolerated.

  5. Disclose responsibly. If you discover a real-world vulnerability while studying this material, follow coordinated disclosure practices (see Chapter 2 of the book and SECURITY.md).

  6. Do not distribute real targets. Do not use this repository to host, share, or distribute APKs or credentials belonging to third parties.

Unacceptable behavior

  • Using this material to conduct unauthorized access, fraud, or identity theft.
  • Sharing bypass results for applications you are not authorized to test.
  • Posting real users' biometric data, credentials, or personal information.
  • Misrepresenting this material as endorsement or instruction for illegal activity.

Enforcement

Violations may result in:

  • Removal of contributions (issues, PRs, discussions).
  • Temporary or permanent bans from the repository.
  • Reporting to the appropriate platform or authorities where warranted.

Reporting

If you witness or experience a violation, open an issue or use GitHub's reporting tools. Reports will be reviewed promptly and kept confidential.

Attribution

This Code of Conduct is adapted from the Contributor Covenant v2.1 with additions specific to security research ethics.