-
Notifications
You must be signed in to change notification settings - Fork 120
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #710 from Dipanita45/main
Create SECURITY.md
- Loading branch information
Showing
1 changed file
with
78 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| # Security Policy | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| We take the security of our project seriously. If you discover any security-related issues or vulnerabilities, please report them to us responsibly by following these guidelines: | ||
|
|
||
| 1. **DO NOT** create a public GitHub issue for security vulnerabilities. | ||
| 2. Send a detailed report to [email protected] | ||
| 3. Include as much information as possible: | ||
| - Description of the vulnerability | ||
| - Steps to reproduce the issue | ||
| - Potential impact | ||
| - Suggested fix (if any) | ||
|
|
||
| ## What to Expect | ||
|
|
||
| - We will acknowledge receipt of your report within 48 hours | ||
| - We will provide regular updates about our progress | ||
| - We will maintain confidentiality regarding your report | ||
| - Once the issue is resolved, we will publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous) | ||
|
|
||
| ## Security Best Practices | ||
|
|
||
| For users and contributors of this project: | ||
|
|
||
| 1. **Keep Dependencies Updated** | ||
| - Regularly update all dependencies to their latest secure versions | ||
| - Monitor security advisories related to project dependencies | ||
|
|
||
| 2. **Authentication & Authorization** | ||
| - Use strong passwords | ||
| - Enable two-factor authentication where available | ||
| - Follow the principle of least privilege | ||
|
|
||
| 3. **Data Protection** | ||
| - Do not share sensitive information in public channels | ||
| - Encrypt sensitive data in transit and at rest | ||
| - Be cautious with logging sensitive information | ||
|
|
||
| 4. **Code Security** | ||
| - Review code changes carefully | ||
| - Follow secure coding practices | ||
| - Avoid hardcoding sensitive information | ||
| - Use proper input validation and sanitization | ||
|
|
||
| ## Scope | ||
|
|
||
| This security policy applies to: | ||
| - The main project repository | ||
| - Official releases | ||
| - Official project documentation | ||
| - Project-related communications | ||
|
|
||
| ## Supported Versions | ||
|
|
||
| | Version | Supported | | ||
| | ------- | ------------------ | | ||
| | latest | :white_check_mark: | | ||
|
|
||
| ## Security Updates | ||
|
|
||
| Security updates will be released as soon as possible after a vulnerability is confirmed. Users will be notified through: | ||
| - Security advisories | ||
| - Release notes | ||
| - Project communication channels | ||
|
|
||
| ## Acknowledgments | ||
|
|
||
| We value and appreciate the security research community's efforts in helping keep our project secure. Responsible disclosure of vulnerabilities helps us ensure the security and privacy of our users. | ||
|
|
||
| ## Contact | ||
|
|
||
| For security-related matters, please contact: | ||
| - Email: [email protected] | ||
|
|
||
| --- | ||
|
|
||
| This security policy is subject to change without notice. Please check back regularly for updates. |