-
-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
13a1ee6
commit 9e92bca
Showing
1 changed file
with
35 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,42 @@ | ||
| # Security Policy | ||
|
|
||
| ## Supported Versions | ||
| ## Reporting a Vulnerability | ||
|
|
||
| Use this section to tell people about which versions of your project are | ||
| currently being supported with security updates. | ||
| We take the security of `egyscan` seriously. If you discover any security-related issues or vulnerabilities, we encourage you to disclose them to us responsibly. We appreciate your cooperation and will work with you to address any valid concerns. | ||
|
|
||
| | Version | Supported | | ||
| | ------- | ------------------ | | ||
| | 1.0.x | :white_check_mark: | | ||
| To report a security vulnerability, please email us at [[email protected]](mailto:[email protected]). If possible, encrypt your message using our PGP key to prevent the information from being intercepted. | ||
|
|
||
| ## Reporting a Vulnerability | ||
| Public disclosure of security vulnerabilities before they have been addressed is strongly discouraged, and we request that you allow us adequate time to investigate and mitigate the issue before making any information public. | ||
|
|
||
| When reporting a security vulnerability, please provide the following information: | ||
|
|
||
| - Description of the vulnerability, including steps to reproduce it. | ||
| - Version of `egyscan` in which the vulnerability is present. | ||
| - Any other relevant details that may help in understanding and reproducing the issue. | ||
|
|
||
| ## Responsible Disclosure | ||
|
|
||
| We believe in responsible disclosure and will make every effort to acknowledge your report and keep you informed throughout the process. Once we receive your vulnerability report, we will: | ||
|
|
||
| - Confirm that we have received your report within [15] days. | ||
| - Begin investigating the issue, assigning it an initial severity level. | ||
| - Work with you to reproduce and understand the vulnerability, if needed. | ||
| - Develop and implement a fix for the vulnerability. | ||
| - Provide you with a timeline for when the fix is expected to be released. | ||
|
|
||
| ## Security Updates and Fixes | ||
|
|
||
| Security fixes will be addressed in a timely manner and included in the next release after they have been thoroughly tested and confirmed. | ||
|
|
||
| ## Vulnerability Severity Classification | ||
|
|
||
| The severity of reported vulnerabilities will be classified using the following scale: | ||
|
|
||
| - **Critical**: Vulnerabilities that could lead to system compromise, data breach, or unauthorized access. | ||
| - **High**: Significant vulnerabilities that could result in a system breach or unauthorized access. | ||
| - **Medium**: Moderate vulnerabilities that could potentially impact system integrity or confidentiality. | ||
| - **Low**: Minor vulnerabilities with limited potential for harm. | ||
|
|
||
| Use this section to tell people how to report a vulnerability. | ||
| ## Security Contact | ||
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. | ||
| For security-related inquiries or to report a vulnerability, please contact us at [[email protected]](mailto:[email protected]). |