security-policy.md

Security Policy

Overview

This security policy applies to this GitHub repository and outlines our procedures for handling security vulnerabilities. We are committed to ensuring the safety and security of our codebase and the services we provide. If you discover a vulnerability, we encourage you to notify us so we can address the issue promptly.

Scope

This policy applies to all code, scripts, and documentation within this repository, as well as any services or systems directly related to this project, including:

  • Cloud services and resources
  • Any associated domain or hosting environments

Reporting a Vulnerability

If you discover a security vulnerability in this repository, please do not create a public issue. Instead, follow these steps:

  1. Email Notification: Please report vulnerabilities by sending an email to dev@prosopo.io. Include the following details:

    • A description of the vulnerability.
    • Steps to reproduce the issue.
    • The potential impact or severity of the vulnerability.
    • Any other relevant information that will help us understand and resolve the issue.
  2. Response Time: We will acknowledge receipt of your report within 48 hours and provide an estimated time frame for resolution.

Handling Vulnerabilities

  1. Triage: Upon receipt of a vulnerability report, our security team will triage the issue and assess its impact and severity.

  2. Fix and Testing: We will prioritize the development of a fix and ensure that it is tested thoroughly. We may reach out to the reporter for additional information or clarification if necessary.

  3. Disclosure: We are committed to transparency and will disclose vulnerabilities responsibly. We will coordinate with the reporter to determine an appropriate disclosure timeline, balancing the need for a prompt fix with the need to protect users.

  4. Patch Release: Once a fix is ready, we will release a patch and update our repository. The issue will be documented in our change log and relevant release notes.

Guidelines for Contributors

To maintain security, we request that contributors:

  • Avoid sharing sensitive information such as credentials, API keys, or personal data in the repository.
  • Follow best practices for secure coding and avoid introducing known vulnerabilities into the codebase.
  • Use secure methods of communication when discussing potential security issues.

Security Best Practices

To protect your own and others' systems, we recommend the following practices:

  • Regularly update dependencies to patch known vulnerabilities.
  • Review and monitor access controls for all sensitive resources.
  • Use multi-factor authentication (MFA) for accessing sensitive systems.

Questions or Feedback

For any questions or feedback regarding this security policy, please contact us at dev@prosopo.io.