DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to [email protected]
In case an incident is discovered or reported, we will follow the following process to contain, respond and remediate:
The first step is to find out the root cause, nature and scope of the incident.
- Is still ongoing? If yes, first priority is to stop it.
- Is the incident outside of my influence? If yes, first priority is to contain it.
- Find out knows about the incident and who is affected.
- Find out what data was potentially exposed.
After the initial assessment and containment to my best abilities, we will document all actions taken in a response plan.
Once the incident is confirmed to be resolved, we will summarize the lessons learned from the incident and create a list of actions we will take to prevent it from happening again.
The saycheese-antidote uses the least amount of access to limit the impact of possible security incidents, see Information collection and use.
If someone would get access to the saycheese-antidote, the worst thing they could do is to read out contents from pull requests, limited to repositories the saycheese-antidote got installed on.
The StrinTH GitHub Organization requires 2FA authorization for all members.