datacap/SECURITY.md
2024-06-09 10:08:10 +08:00

2.1 KiB

Security Policy

Supported Versions

We take security seriously and will actively respond to any issues that are reported to us. Please ensure you are using the latest version of our software.

Version Supported
1.x
< 1.0

Reporting a Vulnerability

If you discover a security vulnerability, please follow the steps below to report it:

  1. Do not create a public issue. Instead, email us directly at security@devlive.org.
  2. Provide as much information as possible, including:
    • A detailed description of the vulnerability.
    • Steps to reproduce the vulnerability.
    • Any potential impacts.
    • Your contact information.

Vulnerability Handling

Upon receiving a vulnerability report, we will:

  1. Acknowledge receipt of the report within 24 hours and work with you to understand the issue.
  2. Validate the vulnerability and determine its impact and severity.
  3. Develop a fix for the vulnerability.
  4. Release a patch as soon as possible and notify you when the patch is available.
  5. Credit the reporter for the discovery in the release notes if they wish to be acknowledged.

Security Best Practices

We recommend the following best practices for ensuring the security of your deployment:

  • Keep your software up to date. Ensure you are always running the latest version.
  • Regularly audit your dependencies. Use tools like npm audit, yarn audit, or pip-audit to find and fix vulnerabilities in third-party libraries.
  • Follow the principle of least privilege. Only grant the necessary permissions to users and services.
  • Monitor and log activity. Set up monitoring and logging to detect any suspicious activity.
  • Backup regularly. Ensure you have regular backups of your data and configurations.

Contact

For any security concerns or questions, you can contact us at:

Thank you for helping to keep our community safe!