POLICY: Our security policy is to avoid leaving the ecosystem worse than we found it, meaning we do not plan to introduce vulnerabilities into the ecosystem. The Snapmaker_Orca team and community take all security bugs in Snapmaker_Orca seriously. Thank you for improving the security of Snapmaker_Orca. We appreciate your efforts to disclose the issue responsibly, and will make every effort to acknowledge your contributions.
Report security bugs by emailing the lead maintainer at [email protected] and include the word "SECURITY" in the subject line.
- Response Times: The lead maintainer will acknowledge receipt of your email within one week (7 days). A detailed response will follow within 48 hours, outlining the next steps for handling your report. After the initial reply, the security team will keep you informed about the progress toward a fix and any announcements.
- Information and Collaboration: We may request additional information or guidance as we work on addressing the issue.
Snapmaker_Orca will confirm the problem and determine the affected versions. Snapmaker_Orca will audit code to find any similar problems. Snapmaker_Orca will prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible. Report security bugs in third-party modules to the person or team maintaining the module.
SECURITY DISCLOSURE: Your responsibility is to report vulnerabilities to us using the guidelines outlined below. Please give detailed steps on how to disclose the vulnerability. Keep these OWASP guidelines in mind (https://www.owasp.org/index.php/Vulnerability_Disclosure_Cheat_Sheet) when creating your disclosure policy.
Below are some recommendations for security disclosures:
Snapmaker_Orca security contact { contact: mailto:[email protected] }
When disclosing vulnerabilities please do the following:
- Your name and affiliation (if any).
- Include scope of vulnerability. Let us know who could use this exploit.
- Document steps to identify the vulnerability. It is important that we can reproduce your findings.
- Show how to exploit vulnerability, give us an attack scenario.
Snapmaker_Orca Checklist: Security Recommendations
Follow these steps to improve security when using Snapmaker_Orca.
...SEE SOMETHING
...SAY SOMETHING
1) ...SEE SOMETHING
We suggest you go to #2 if this happens.
Why? Through experience we have found it is best to go to #2 in this situation.