Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: aayush <[email protected]> Co-authored-by: Smriti Bhandari <[email protected]>
1 parent: e1cd9fb; commit: bf4d42f
Showing 1 changed file with 52 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Security Policy for Carch | ||
|
||
## Introduction | ||
|
||
The security of the **Carch** project is of utmost importance to us. We are committed to addressing vulnerabilities in a timely manner to ensure the safety and reliability of our software. This document outlines our process for reporting and handling security vulnerabilities. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you discover a potential security vulnerability in **Carch**, please report it promptly by following these guidelines to ensure an efficient response: | ||
|
||
### 1. Report Method | ||
|
||
You can report vulnerabilities using one of the following methods: | ||
- **Email**: Send a detailed report to our security email at [[email protected]](mailto:[email protected]). | ||
- **Report Form**: Fill out the [Report Form](https://github.com/harilvfs/carch/security/advisories/new). | ||
- **GitHub Issues**: Create a private issue in this repository and label it with "security." Ensure that the issue remains private to protect sensitive information. | ||
|
||
### 2. Information to Include | ||
|
||
To facilitate a thorough investigation, please include the following information in your report: | ||
- **Description**: A clear and concise description of the vulnerability. | ||
- **Reproduction Steps**: Step-by-step instructions to reproduce the issue, including any specific configurations or environments. | ||
- **Impact Assessment**: An explanation of the potential impact of the vulnerability (e.g., data exposure, system compromise). | ||
- **Mitigation Strategies**: Any recommendations for mitigating the vulnerability until a fix is implemented. | ||
|
||
### 3. Response Time | ||
|
||
Upon receiving your report, we will: | ||
- Acknowledge the receipt of your report within **48 hours**. | ||
- Provide you with an estimated timeline for our investigation. | ||
|
||
### 4. Updates | ||
|
||
You will receive regular updates on the status of your report, including: | ||
- A confirmation of whether the vulnerability is accepted for investigation. | ||
- Ongoing progress updates throughout the assessment and remediation process. | ||
- Notifications of any decisions regarding the vulnerability. | ||
|
||
### 5. Disclosure Policy | ||
|
||
Once a vulnerability is confirmed and a fix is implemented: | ||
- We will release an update addressing the vulnerability as soon as possible. | ||
- If you wish, we will credit you as the reporter in the release notes. | ||
- We will inform the community about the vulnerability, its impact, and the resolution measures taken. | ||
|
||
## Conclusion | ||
|
||
Thank you for your vigilance and commitment to keeping **Carch** secure. We appreciate your cooperation and dedication to improving our project's security. If you have any questions or need further assistance, please don’t hesitate to reach out. | ||
|
||
--- | ||
|
||
Your contributions help us maintain a secure and reliable environment for all users of **Carch**! |
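
Review bot: The "GitHub Issues" bullet under "### 1. Report Method" tells reporters to create a private issue, but GitHub issues cannot be made private individually, and in a public repository every issue is visible to everyone, so a reporter following this route would publish the vulnerability details before a fix exists. Suggest dropping that bullet and keeping the email address and the advisory form (`/security/advisories/new`) as the only reporting channels, with an explicit line asking reporters not to open public issues for security problems. Separately, "### 3. Response Time" commits to a 48-hour acknowledgement, but "### 5. Disclosure Policy" only says "as soon as possible"; consider stating a target window for the fix and for public disclosure, and adding a short section on which versions of Carch receive security fixes.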