test/datacap
1
0
Fork 0
mirror of https://gitee.com/devlive-community/datacap.git synced 2024-12-02 03:57:35 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
302989cf38
datacap/SECURITY.md
qianmoQ 6d23279cff [Core] [Env] Update SECURITY.md
2024-06-09 10:08:10 +08:00

51 lines
2.1 KiB
Markdown
Raw Blame History

# Security Policy
## Supported Versions
We take security seriously and will actively respond to any issues that are reported to us. Please ensure you are using the latest version of our software.
| Version | Supported |
| ------- | ------------------ |
| 1.x | :white_check_mark: |
| < 1.0 | :x: |
## Reporting a Vulnerability
If you discover a security vulnerability, please follow the steps below to report it:
1. **Do not create a public issue.** Instead, email us directly at [security@devlive.org](mailto:security@devlive.org).
2. Provide as much information as possible, including:
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Any potential impacts.
- Your contact information.
## Vulnerability Handling
Upon receiving a vulnerability report, we will:
1. **Acknowledge receipt of the report** within 24 hours and work with you to understand the issue.
2. **Validate the vulnerability** and determine its impact and severity.
3. **Develop a fix** for the vulnerability.
4. **Release a patch** as soon as possible and notify you when the patch is available.
5. **Credit the reporter** for the discovery in the release notes if they wish to be acknowledged.
## Security Best Practices
We recommend the following best practices for ensuring the security of your deployment:
- **Keep your software up to date.** Ensure you are always running the latest version.
- **Regularly audit your dependencies.** Use tools like `npm audit`, `yarn audit`, or `pip-audit` to find and fix vulnerabilities in third-party libraries.
- **Follow the principle of least privilege.** Only grant the necessary permissions to users and services.
- **Monitor and log activity.** Set up monitoring and logging to detect any suspicious activity.
- **Backup regularly.** Ensure you have regular backups of your data and configurations.
## Contact
For any security concerns or questions, you can contact us at:
- **Email:** [security@devlive.org](mailto:security@devlive.org)
- **Twitter:** [@example](https://twitter.com/devlive)
Thank you for helping to keep our community safe!
Reference in New Issue View Git Blame Copy Permalink