Create SECURITY.md #52

Merged
merged 1 commit into from
May 19, 2024
43 changes: 43 additions & 0 deletions SECURITY.md
@@ -0,0 +1,43 @@
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in our project, please report it to us as follows:

- **Email**: [[email protected]](mailto:[email protected])
- **Issue Tracker**: [GitHub Issues](https://github.com/SiddharthBahuguna/NEWS-AGGREGATOR-PROJECT/issues) (for non-sensitive information only)

Please include as much detail as possible in your report, including:
- The type of issue
- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any possible fixes you might have in mind

### What to Expect

- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours.
- **Initial Response**: Within 72 hours, we will provide an initial assessment of the vulnerability and outline the next steps.
- **Updates**: We will provide updates on the status of your report at least every 7 days.
- **Resolution**: We aim to resolve confirmed vulnerabilities within 30 days. If this is not possible, we will provide an updated timeline.

### Handling of Reports

- **Accepted Reports**: If we accept the vulnerability report, we will work with you to ensure a fix is developed and implemented. We will coordinate a public disclosure with you once the issue is resolved.
- **Declined Reports**: If we decline the report, we will provide you with a detailed explanation of why we believe it is not a security issue.

## Public Disclosure Policy

We believe in responsible disclosure. We will work with security researchers to ensure vulnerabilities are patched before public disclosure. Details of the vulnerability will be disclosed after a fix has been released, or after we have determined that the issue is not a security risk.

## Security Updates

To stay informed about security updates, please:
- Subscribe to our [security mailing list](http://example.com/security-updates)

## Security Best Practices

To help ensure the security of your deployments:
- Always use the latest version of our software.
- Regularly update requirements to their latest secure versions.

Thank you for helping to keep our project secure!
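
Review bot: the "Security Updates" list item links to http://example.com/security-updates, a placeholder domain over plain HTTP, so a reader following the policy has nowhere real to subscribe; point it at the project's actual announcement channel over HTTPS, or drop the section until one exists. In "Reporting a Vulnerability", the GitHub Issues entry is qualified only by "(for non-sensitive information only)"; say explicitly that vulnerability details must not be posted in public issues and belong in the email channel instead. The "Always use the latest version of our software" item would also be clearer with a statement of which versions receive security fixes.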