SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
0.2-beta
0.2.x
< 0.1.x

Reporting a Vulnerability

We take the security of our systems seriously and appreciate the assistance of security researchers and users in identifying and addressing vulnerabilities. If you have discovered a potential security vulnerability in our systems, please follow these steps to report it:

  1. Gather Information: Collect all relevant details about the vulnerability, including its nature, impact, and potential exploit scenarios.
  2. Contact Information: Prepare your contact information (name, email) so that we can get in touch with you regarding the vulnerability.
  3. Submit Report: Send an email to our email address, or use the security issue report template in the issue section. Include all the information you gathered in the previous steps.

Expected Response Time

We aim to acknowledge the receipt of your vulnerability report within a short period, usually within 1-3 business days. Our security team will review your report and determine its severity and validity.

Vulnerability Assessment

After receiving the report, our security team will evaluate the vulnerability's impact and likelihood. You can expect regular updates on the status of the assessment, including whether the vulnerability has been accepted or declined for further investigation.

If the Vulnerability is Accepted

  • Mitigation Plan: Once a vulnerability is confirmed, we will start working on a plan to address it.

  • Fix and Testing: Our development team will develop a fix for the vulnerability. This fix will then undergo rigorous testing to ensure that it resolves the issue without causing unintended consequences.

  • Communication: We will keep you informed about the progress of the fix and its implementation.

  • Acknowledgment: Depending on the severity of the vulnerability, we may acknowledge your contribution publicly or privately, as per your preference.

If the Vulnerability is Declined

If our security team determines that the reported vulnerability doesn't pose a significant threat or is not valid, we will provide you with an explanation for our decision.

  • Responsible Disclosure: We adhere to a responsible disclosure policy, allowing reasonable time for us to address the vulnerability before any details are publicly disclosed. We appreciate your cooperation in maintaining the security of our systems during this process.
  • Reward and Recognition: If your report leads to the discovery and mitigation of a valid security vulnerability, you may be eligible for a reward as part of our bug bounty program. The reward amount will be determined based on the severity and impact of the vulnerability.

Thank you for helping us keep our systems secure. Your collaboration is essential in ensuring the privacy and safety of our users and data.