SECURITY.md at feat/prerender · erika.florist/maudit

erika.florist / maudit

fork atom

Rust library to generate static websites

fork atom

maudit / SECURITY.md

at feat/prerender 38 lines 2.0 kB view raw view rendered

wrap content

Goulven CLEC'H misc: license & md files & github templates & labels (#9) 1y ago

c2f8b560

 1# Security Policy
 2
 3## Supported Versions
 4
 5The following versions of our projects are currently supported with security updates:
 6
 7| Package | Version | Supported          |
 8| ------- | ------- | ------------------ |
 9| Maudit  | 0.x.x   | :white_check_mark: |
10| Oubli   | 0.x.x   | :white_check_mark: |
11
12## What is a Security Vulnerability?
13
14A security vulnerability is a flaw or weakness in a system's design, implementation, operation, or management that could be exploited to violate the system's security policy. (Source: OWASP)
15
16Please note that we will not accept reports related to vulnerabilities in other software, such as dependencies. Additionally, we reserve the right to close reports that describe scenarios deemed highly unlikely or far-fetched.
17
18## Reporting a Vulnerability
19
20We take security issues very seriously. If you discover a vulnerability, please report it through our private reporting form: [Report a Security Vulnerability](https://github.com/bruits/maudit/security/advisories/new).
21
22### Guidelines for Reporting
23
24- Do **not** report vulnerabilities publicly via issues or discussions.
25- Please provide as much detail as possible about the vulnerability to help us investigate and resolve it quickly.
26
27### What to Expect
28
29- You will receive an acknowledgement of your report within **48 hours** (working days).
30- If the report is valid, in most cases, a fix will be published within **one week** of confirming the vulnerability.
31
32Keep in mind that we are an open-source project, and our team is composed of volunteers. We will do our best to address the issue promptly, but we appreciate your understanding and patience.
33
34### Post-Fix Communication
35
36Once the fix is deployed, a **public security advisory** will be published here: [Security Advisories](https://github.com/bruits/maudit/security/advisories). If applicable, credit will be given to the reporter for their responsible disclosure.
37
38We greatly appreciate your efforts to help us maintain the security of our projects.