Create SECURITY.md

Pinga 2024-01-03 19:59:42 +02:00 committed by GitHub
parent 43f827b748
commit 2c48d48777
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

37
SECURITY.md Normal file

@ -0,0 +1,37 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 1.0-betaX | :white_check_mark: |
| < 1.0 | :x: |
## Reporting a Vulnerability
The Namingo team takes the security of our software seriously. If you believe you have found a security vulnerability in any version of our software, we would like you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
Please follow these steps to report a vulnerability:
1. **Do not report security vulnerabilities through public GitHub issues.**
2. Instead, please email us directly at [help@namingo.org](mailto:help@namingo.org). Provide a detailed description of the issue, including the following information:
- The version of the software that you are using
- A description of the vulnerability and how it can be reproduced
- The potential impact of the vulnerability
3. We will respond to your report within 48 hours to acknowledge receipt of your report and to outline the next steps in handling your submission.
4. After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. We may also ask for additional information or guidance.
### Disclosure Policy
When we receive a vulnerability report, our immediate priority is to confirm and fix the vulnerability. We ask that you do not publicly disclose the issue until we have had the chance to resolve it.
We aim to handle all security issues transparently after the initial assessment phase. Once the issue is resolved, we will release a security advisory detailing the vulnerability, our response, and acknowledgments to the reporters.
### Comments on this Policy
If you have suggestions on how this process could be improved, please submit a pull request or issue.
Thank you for helping to keep Namingo and its users safe.
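Review bot: Under "## Supported Versions", the two lines beginning "Use this section to tell people about which versions of your project are" are the GitHub template's placeholder instructions left in place; replace them with a sentence describing Namingo's own support policy, or drop them so the table stands alone. In the same table, "1.0-betaX" does not say which beta releases receive fixes, so consider naming the range or stating that only the latest 1.0 beta is supported. In "Reporting a Vulnerability", step 2 sends reports to help@namingo.org, which reads as a general support address; a dedicated security contact, or a note on how reporters can send sensitive details privately, would make the channel clearer. The Disclosure Policy asks reporters to hold disclosure "until we have had the chance to resolve it" with no time bound; a target fix or disclosure window would set expectations alongside the 48-hour acknowledgement promised in step 3.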