
Security: ubclaunchpad/StarPort


docs/SECURITY.md

Security Policy

We take the security of our project seriously. This document outlines our security policy and provides guidance on how to report security vulnerabilities.

Reporting a Security Vulnerability

If you discover a security vulnerability in our APIs, we appreciate your cooperation in responsibly disclosing it to us. To report a security vulnerability, please follow these steps:

  1. Do not publicly disclose the vulnerability. Please keep it confidential until we have had sufficient time to address it.
  2. Email us at team[at]ubclaunchpad.com with the following details:
    • A detailed description of the vulnerability and the potential impact.
    • Steps to reproduce the vulnerability, if applicable.
    • Any additional information or resources that can help us understand and address the vulnerability.
  3. We will work with you to investigate and address the vulnerability. We may request additional information or clarifications during the process.
  4. Once the vulnerability is resolved, we will credit you for your responsible disclosure unless you prefer to remain anonymous.

Scope

This security policy applies to the latest version of our project. If you are using an older version, we recommend updating to the latest release to benefit from the most recent security enhancements.

Responsible Disclosure

We appreciate the efforts of security researchers and individuals who responsibly disclose vulnerabilities to us. We are committed to acknowledging and addressing the reported vulnerabilities in a timely manner.

We kindly request that you:

  • Do not attempt to exploit the vulnerability beyond what is necessary to demonstrate the issue.
  • Do not intentionally disrupt or degrade the performance of our project or any related systems.

Exclusions

The following types of vulnerabilities are currently out of scope for our security policy:

  • Denial of service (DoS) attacks
  • Distributed denial of service (DDoS) attacks
  • Spamming
  • Social engineering attacks
  • Attacks requiring physical access to devices
  • Attacks targeting outdated or unsupported browsers/platforms

However, if you discover a vulnerability related to the above exclusions that could impact the security of our project, please still report it to us, and we will assess it on a case-by-case basis.

Recognition

We recognize and appreciate the contributions of security researchers who help improve the security of our project. If you report a valid security vulnerability, we are happy to publicly acknowledge your responsible disclosure unless you request to remain anonymous.


Thank you for your efforts in helping to keep our project secure!
