From 892b8bbd343937994fec72a7504a8943e2a2bd6a Mon Sep 17 00:00:00 2001 From: SEBASTIAN JN Date: Sun, 22 Dec 2024 13:57:05 -0300 Subject: [PATCH] chore(security): add SECURITY.md for vulnerability reporting Added a SECURITY.md file to provide guidelines for reporting security vulnerabilities. It includes contact information, the process for handling reports, and security best practices. --- SECURITY.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..2b57ae2 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,33 @@ +# Security + +This document provides guidelines on how to report security vulnerabilities in the project. + +## Reporting Vulnerabilities + +If you discover a security vulnerability, please follow the guidelines below to report it securely and responsibly: + +1. **Do not open public issues**: Please do not submit public issues or pull requests containing details of the vulnerability. This could allow others to exploit the issue before it's fixed. + +2. **Contact**: Send an email to **sebastianjnuwu@gmail.com** or open a private ticket in the repository to report the issue. Please provide as many details as possible, including: + - Description of the vulnerability + - Steps to reproduce it + - Potential impact + - Any code or examples of how the vulnerability can be exploited + +3. **Acknowledgment**: All security reports will be handled with the utmost seriousness, and you will be publicly credited if the issue is resolved. + +## Handling Reports + +When we receive a security report, we follow this process: + +1. We confirm receipt of the report within 48 hours. +2. We analyze and prioritize the vulnerability. +3. We work on fixing the issue promptly. +4. We inform the reporter when a fix is ready. + +## References + +- [GitHub Security Guidelines](https://docs.github.com/en/github/managing-security-vulnerabilities/creating-a-security-policy) +- [OWASP Top Ten](https://owasp.org/www-project-top-ten/) + +Thank you for helping keep this project secure!
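Review bot: The "Contact" step in this hunk tells reporters to "open a private ticket in the repository", but ordinary repository issues and pull requests are public (which the first bullet itself warns against), so the private channel is ambiguous; state explicitly whether GitHub's private vulnerability reporting feature is enabled for this repository and link to it, or drop that option and keep e-mail as the single reporting path. Since the same step asks for proof-of-concept code and exploitation details, the e-mail route should also say whether an encrypted channel (for example a published PGP key fingerprint) is available, so that exploit details are not sent in plaintext. Under "Handling Reports", the 48-hour acknowledgment commitment is good, but "We work on fixing the issue promptly" gives the reporter no expected timeline for a fix or for coordinated public disclosure; adding a target window (even an approximate one) and a statement on when the reporter may disclose would set clearer expectations. Minor: the GitHub docs URL under "References" uses an older path; confirm it still resolves to the "creating a security policy" page before merging.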