test/datacap
1
0
Fork 0
mirror of https://gitee.com/devlive-community/datacap.git synced 2024-11-29 18:48:23 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

[Core] [Env] Update SECURITY.md

Browse Source
This commit is contained in:
qianmoQ 2024-06-09 10:08:10 +08:00
parent ff4d5196e8
commit 6d23279cff
1 changed files with 40 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
SECURITY.md
View File

@ -2,20 +2,49 @@
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
We take security seriously and will actively respond to any issues that are reported to us. Please ensure you are using the latest version of our software.
| Version | Supported |
|---------|--------------------|
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
| ------- | ------------------ |
| 1.x | :white_check_mark: |
| < 1.0 | :x: |
## Reporting a Vulnerability
Use this section to tell people how to report a vulnerability.
If you discover a security vulnerability, please follow the steps below to report it:
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
1. **Do not create a public issue.** Instead, email us directly at [security@devlive.org](mailto:security@devlive.org).
2. Provide as much information as possible, including:
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Any potential impacts.
- Your contact information.
## Vulnerability Handling
Upon receiving a vulnerability report, we will:
1. **Acknowledge receipt of the report** within 24 hours and work with you to understand the issue.
2. **Validate the vulnerability** and determine its impact and severity.
3. **Develop a fix** for the vulnerability.
4. **Release a patch** as soon as possible and notify you when the patch is available.
5. **Credit the reporter** for the discovery in the release notes if they wish to be acknowledged.
## Security Best Practices
We recommend the following best practices for ensuring the security of your deployment:
- **Keep your software up to date.** Ensure you are always running the latest version.
- **Regularly audit your dependencies.** Use tools like `npm audit`, `yarn audit`, or `pip-audit` to find and fix vulnerabilities in third-party libraries.
- **Follow the principle of least privilege.** Only grant the necessary permissions to users and services.
- **Monitor and log activity.** Set up monitoring and logging to detect any suspicious activity.
- **Backup regularly.** Ensure you have regular backups of your data and configurations.
## Contact
For any security concerns or questions, you can contact us at:
- **Email:** [security@devlive.org](mailto:security@devlive.org)
- **Twitter:** [@example](https://twitter.com/devlive)
Thank you for helping to keep our community safe!