Security Policy
Reporting a Vulnerability
If you have discovered a vulnerability within the project, I sincerely appreciate your efforts in helping me maintain a secure system. I take security concerns seriously and encourage you to report any potential vulnerabilities promptly. This section will guide you on how to report a vulnerability and what you can expect during the process.
Reporting Process
To report a vulnerability, please follow these steps:
Create an Issue: Go to the project's GitHub repository and create a new issue. Please provide a clear and concise title that reflects the nature of the vulnerability.
Include Details: In the issue description, please provide me with a detailed explanation of the vulnerability. It would be immensely helpful if you could include steps to reproduce the issue, relevant code snippets, and any additional information that can assist me in understanding and addressing the problem effectively.
Contact Information: Don't forget to include your contact information (preferably an email address) so that I can reach out to you for further clarification or updates regarding the reported vulnerability.
Response and Update
Once you have reported a vulnerability, I will promptly review the issue and respond to you within a reasonable timeframe. I aim to acknowledge the report within 4 business days and provide an initial assessment of the vulnerability's severity.
Vulnerability Assessment
After receiving your vulnerability report, I will conduct a thorough assessment to determine its validity and severity. I may request additional information or clarifications from you during this process to ensure a comprehensive evaluation.
Acceptance or Decline
If the vulnerability is accepted, I will take appropriate measures to address and fix the issue. I will provide you with expected timelines for resolving the vulnerability.
In case the vulnerability is deemed outside the scope of the project or does not pose a significant risk, it may be declined. I will provide a clear explanation for my decision and any recommended actions, if applicable.
Public Disclosure
To ensure the safety and security of our users, I kindly request that you refrain from publicly disclosing the vulnerability until I have had sufficient time to address it. I strive to resolve vulnerabilities in a timely manner and appreciate your cooperation in maintaining responsible security practices.
Recognition
I deeply value the contributions of the security community and I am open to recognizing individuals who responsibly report vulnerabilities. If you would like to be credited for your discovery, please let me know when submitting the report.
Thank you for helping me improve the security of the project. I genuinely appreciate your support in making our software safer for everyone.