This document describes the security policy and reporting procedures for the IMIS website project.
If you want to report a bug which is not security sensible, please submit an issue.
Our team takes all security issues in IMIS code seriously.
If you want to report a security issue we appreciate your effort and kindly ask you to submit a responsible disclosure.
Unfortunately, IMIS does not offer a bug bounty programme or other forms of monetary compensation.
However, we can acknowledge your effort publicly in the GitHub project.
Thank you for improving the security of the IMIS website project!
Report security issues via email at [email protected].
The IMIS team acknowledges your email within two days and will further respond in detail within three days, explaining the induced actions.
Our security team will keep you up to date of the progress towards fixing the vulnerability and may ask you for additional information.
Please report security issues in third-party dependencies to the person or team maintaining the project for this dependency.
When we receive a security bug report, we will assign it to a person who handles your disclosure.
This person is responsible for the following steps of the fix process:
- Confirm the problem and identify affected versions
- Audit code for finding similarproblems
- Develop fixes for all affected versions
- Release fixes as quick as possible
Feedback on this policy and the process is welcome and if you want to suggest how to improve it, we kindly ask you to submit a pull request.