Skip to content

Commit

Permalink
Merge pull request #52 from anurag6569201/patch-2
Browse files Browse the repository at this point in the history
Create SECURITY.md
  • Loading branch information
SiddharthBahuguna authored May 19, 2024
2 parents 9a4980e + eddf279 commit 08461b8
Showing 1 changed file with 43 additions and 0 deletions.
43 changes: 43 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in our project, please report it to us as follows:

- **Email**: [[email protected]](mailto:[email protected])
- **Issue Tracker**: [GitHub Issues](https://github.com/SiddharthBahuguna/NEWS-AGGREGATOR-PROJECT/issues) (for non-sensitive information only)

Please include as much detail as possible in your report, including:
- The type of issue
- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any possible fixes you might have in mind

### What to Expect

- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours.
- **Initial Response**: Within 72 hours, we will provide an initial assessment of the vulnerability and outline the next steps.
- **Updates**: We will provide updates on the status of your report at least every 7 days.
- **Resolution**: We aim to resolve confirmed vulnerabilities within 30 days. If this is not possible, we will provide an updated timeline.

### Handling of Reports

- **Accepted Reports**: If we accept the vulnerability report, we will work with you to ensure a fix is developed and implemented. We will coordinate a public disclosure with you once the issue is resolved.
- **Declined Reports**: If we decline the report, we will provide you with a detailed explanation of why we believe it is not a security issue.

## Public Disclosure Policy

We believe in responsible disclosure. We will work with security researchers to ensure vulnerabilities are patched before public disclosure. Details of the vulnerability will be disclosed after a fix has been released, or after we have determined that the issue is not a security risk.

## Security Updates

To stay informed about security updates, please:
- Subscribe to our [security mailing list](http://example.com/security-updates)

## Security Best Practices

To help ensure the security of your deployments:
- Always use the latest version of our software.
- Regularly update requirements to their latest secure versions.

Thank you for helping to keep our project secure!

0 comments on commit 08461b8

Please sign in to comment.