Skip to content

Commit 6ba5f3d

Browse files
authored
Create SECURITY.md
1 parent 857b68b commit 6ba5f3d

1 file changed

Lines changed: 19 additions & 0 deletions

File tree

SECURITY.md

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
Security Policy
2+
Reporting a Vulnerability
3+
The omnipkg team takes security seriously and appreciates the security community's efforts to responsibly disclose vulnerabilities. If you have discovered a security vulnerability, please report it to us as soon as possible.
4+
Please do not open a public issue. Instead, send an email to 1minds3t@proton.me (or another designated security email address). We will acknowledge your email within 48 hours and will work with you to address the vulnerability.
5+
Responsible Disclosure Policy
6+
We will follow a standard responsible disclosure process. Our commitment to you:
7+
* We will acknowledge receipt of your vulnerability report in a timely manner.
8+
* We will provide you with a timeframe for addressing the vulnerability.
9+
* We will credit you for your discovery after the vulnerability has been patched and publicly released, unless you prefer to remain anonymous.
10+
* We ask that you do not disclose the vulnerability publicly until we have released a fix. We will work with you to agree on a coordinated public disclosure date.
11+
Guidelines for Reporters
12+
We ask you to adhere to these guidelines when researching and reporting vulnerabilities:
13+
* Provide a clear, detailed description of the vulnerability, including steps to reproduce it.
14+
* Do not disclose the vulnerability or any details about it to third parties or on public forums until we have resolved it and agreed on a public disclosure date.
15+
* Do not exploit the vulnerability to access, modify, or destroy user data or system integrity.
16+
* Do not engage in activities that could compromise the confidentiality, integrity, or availability of our systems.
17+
Scope
18+
This security policy applies to the official omnipkg open-source repository and its published packages.
19+
Thank you for helping us keep omnipkg secure!

0 commit comments

Comments
 (0)