docs: enhance security.md with vulnerability reporting guidelines #153

Merged
merged 1 commit into from
Dec 24, 2024
34 changes: 31 additions & 3 deletions SECURITY.md
@@ -1,5 +1,7 @@
# Security

## Binary Files

Some may have concerns about the security of binary files, but the following points should provide assurance about this project:

1. First and foremost, we have no intention of harming anyone’s project.
Expand All @@ -21,8 +23,34 @@ Some may have concerns about the security of binary files, but the following poi

## Reporting a Vulnerability

If you believe you have found a security vulnerability, we encourage you to let us know right away.
If you discover any security vulnerabilities in this package, please report them immediately. We take security seriously and will address all legitimate reports in a timely manner.

### How to Report

To report a vulnerability, please email us at <rpfos@naver.com>. Provide as much detail as possible about the vulnerability, including:

- The nature of the vulnerability.
- Steps to reproduce the issue.
- Any potential risks or impacts on users.
- Your contact information for further clarification.

### Response Process

1. We will acknowledge receipt of your report promptly and begin investigating the issue.
1. After validating the report, we will work to fix the vulnerability and release an update as soon as possible.
1. You will be informed of the resolution once the fix is deployed.
1. Security patches will be communicated through GitHub releases and other relevant channels.

## Security Best Practices

We recommend following these best practices to help maintain the security of your application when using this package:

- Always use the latest version.
- Regularly update your dependencies to include the latest security fixes.
- Review and monitor your own usage for potential security issues.

If you have any questions or need further information, please don't hesitate to contact us.

We will investigate all legitimate reports and do our best to quickly fix the problem.
## Supported Versions

Email <rpfos@naver.com> to disclose any security vulnerabilities.
Security updates are applied only to the most recent releases.
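
Review bot: Under "How to Report" the only channel is the plain address <rpfos@naver.com>, while the same paragraph asks for reproduction steps and impact details, so the details of an unpatched issue travel over ordinary e-mail with no private alternative. Consider enabling GitHub private vulnerability reporting for the repository or publishing a PGP key next to the address, and add a sentence asking reporters not to open a public issue for a vulnerability. In "Response Process", "promptly" and "as soon as possible" give a reporter nothing to plan disclosure around; a stated acknowledgement window in days would. "Supported Versions" says "the most recent releases" without naming which release lines qualify, which leaves users unable to tell whether the version they run will receive a fix.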