The security of our projects is a top priority. If you believe you've found a security vulnerability in any of The No Hands Company's repositories, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them to us privately by:
- Emailing us at [email protected]
- Including as much information as possible about the vulnerability:
  - The project and file affected
  - Steps to reproduce the issue
  - The potential impact of the vulnerability
  - Any possible mitigations
Once we receive a security report, the following process will be followed:
- We will acknowledge your report within 2 business days.
- Our security team will investigate the issue and determine its impact and severity.
- We will develop a fix and test it internally.
- We will release the fix according to our release schedule:
  - Critical vulnerabilities: Immediate patch release
  - High severity: Within 7 days
  - Medium/Low severity: Next scheduled release
We provide security updates for the following versions of our projects:
| Project | Version | Supported |
|---|---|---|
| VersaEngine | 0.x | ✅ |
| VersaUI | 0.x | ✅ |
| Tools | 0.x | ✅ |
When contributing to our projects, please follow these security best practices:
- Keep dependencies updated to their latest secure versions
- Validate all user inputs
- Follow the principle of least privilege
- Do not commit sensitive information (tokens, passwords, etc.)
- Use strong encryption for sensitive data
- Implement proper error handling
We employ several security measures in our projects:
- Automated vulnerability scanning
- Regular dependency updates
- Code reviews with security focus
- Static code analysis
We believe in responsible disclosure. Security issues will only be publicly disclosed after a fix has been released and users have had reasonable time to update their installations.
Thank you for helping us keep The No Hands Company projects secure!