mirror of
https://gitee.com/devlive-community/datacap.git
synced 2024-12-01 19:48:14 +08:00
[Core] [Env] Update SECURITY.md
This commit is contained in:
parent
ff4d5196e8
commit
6d23279cff
51
SECURITY.md
51
SECURITY.md
@ -2,20 +2,49 @@
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Use this section to tell people about which versions of your project are
|
||||
currently being supported with security updates.
|
||||
We take security seriously and will actively respond to any issues that are reported to us. Please ensure you are using the latest version of our software.
|
||||
|
||||
| Version | Supported |
|
||||
|---------|--------------------|
|
||||
| 5.1.x | :white_check_mark: |
|
||||
| 5.0.x | :x: |
|
||||
| 4.0.x | :white_check_mark: |
|
||||
| < 4.0 | :x: |
|
||||
| ------- | ------------------ |
|
||||
| 1.x | :white_check_mark: |
|
||||
| < 1.0 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Use this section to tell people how to report a vulnerability.
|
||||
If you discover a security vulnerability, please follow the steps below to report it:
|
||||
|
||||
Tell them where to go, how often they can expect to get an update on a
|
||||
reported vulnerability, what to expect if the vulnerability is accepted or
|
||||
declined, etc.
|
||||
1. **Do not create a public issue.** Instead, email us directly at [security@devlive.org](mailto:security@devlive.org).
|
||||
2. Provide as much information as possible, including:
|
||||
- A detailed description of the vulnerability.
|
||||
- Steps to reproduce the vulnerability.
|
||||
- Any potential impacts.
|
||||
- Your contact information.
|
||||
|
||||
## Vulnerability Handling
|
||||
|
||||
Upon receiving a vulnerability report, we will:
|
||||
|
||||
1. **Acknowledge receipt of the report** within 24 hours and work with you to understand the issue.
|
||||
2. **Validate the vulnerability** and determine its impact and severity.
|
||||
3. **Develop a fix** for the vulnerability.
|
||||
4. **Release a patch** as soon as possible and notify you when the patch is available.
|
||||
5. **Credit the reporter** for the discovery in the release notes if they wish to be acknowledged.
|
||||
|
||||
## Security Best Practices
|
||||
|
||||
We recommend the following best practices for ensuring the security of your deployment:
|
||||
|
||||
- **Keep your software up to date.** Ensure you are always running the latest version.
|
||||
- **Regularly audit your dependencies.** Use tools like `npm audit`, `yarn audit`, or `pip-audit` to find and fix vulnerabilities in third-party libraries.
|
||||
- **Follow the principle of least privilege.** Only grant the necessary permissions to users and services.
|
||||
- **Monitor and log activity.** Set up monitoring and logging to detect any suspicious activity.
|
||||
- **Backup regularly.** Ensure you have regular backups of your data and configurations.
|
||||
|
||||
## Contact
|
||||
|
||||
For any security concerns or questions, you can contact us at:
|
||||
|
||||
- **Email:** [security@devlive.org](mailto:security@devlive.org)
|
||||
- **Twitter:** [@example](https://twitter.com/devlive)
|
||||
|
||||
Thank you for helping to keep our community safe!
|
||||
|
Loading…
Reference in New Issue
Block a user