Merge pull request #52 from anurag6569201/patch-2
Create SECURITY.md
Showing 1 changed file with 43 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# Security Policy | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you discover a security vulnerability in our project, please report it to us as follows: | ||
|
||
- **Email**: [[email protected]](mailto:[email protected]) | ||
- **Issue Tracker**: [GitHub Issues](https://github.com/SiddharthBahuguna/NEWS-AGGREGATOR-PROJECT/issues) (for non-sensitive information only) | ||
|
||
Please include as much detail as possible in your report, including: | ||
- The type of issue | ||
- Steps to reproduce the issue | ||
- The potential impact of the vulnerability | ||
- Any possible fixes you might have in mind | ||
|
||
### What to Expect | ||
|
||
- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours. | ||
- **Initial Response**: Within 72 hours, we will provide an initial assessment of the vulnerability and outline the next steps. | ||
- **Updates**: We will provide updates on the status of your report at least every 7 days. | ||
- **Resolution**: We aim to resolve confirmed vulnerabilities within 30 days. If this is not possible, we will provide an updated timeline. | ||
|
||
### Handling of Reports | ||
|
||
- **Accepted Reports**: If we accept the vulnerability report, we will work with you to ensure a fix is developed and implemented. We will coordinate a public disclosure with you once the issue is resolved. | ||
- **Declined Reports**: If we decline the report, we will provide you with a detailed explanation of why we believe it is not a security issue. | ||
|
||
## Public Disclosure Policy | ||
|
||
We believe in responsible disclosure. We will work with security researchers to ensure vulnerabilities are patched before public disclosure. Details of the vulnerability will be disclosed after a fix has been released, or after we have determined that the issue is not a security risk. | ||
|
||
## Security Updates | ||
|
||
To stay informed about security updates, please: | ||
- Subscribe to our [security mailing list](http://example.com/security-updates) | ||
|
||
## Security Best Practices | ||
|
||
To help ensure the security of your deployments: | ||
- Always use the latest version of our software. | ||
- Regularly update requirements to their latest secure versions. | ||
|
||
Thank you for helping to keep our project secure! |
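Review bot: The "Security Updates" section links the security mailing list to http://example.com/security-updates, which is a placeholder on a reserved documentation domain and uses plain HTTP, so the only subscription channel the policy offers does not reach the project. Replace it with the project's real announcement channel over HTTPS, or drop the section until one exists. The policy also commits to fixed timelines (48 hours to acknowledge, 72 hours for an initial assessment, updates every 7 days, resolution within 30 days) but offers only one private contact, the email under "Reporting a Vulnerability"; confirm that address is a monitored mailbox, and consider naming a second private channel so sensitive reports do not end up in the public issue tracker. "Security Best Practices" tells users to run the latest version, but nothing in the file says which versions receive security fixes; a short supported-versions list would make the 30-day resolution target concrete.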