Skip to content

Security: Dami-18/heimdall

Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

If you have discovered a vulnerability within the project, we sincerely appreciate your efforts in helping us maintain a secure system. We take security concerns seriously and encourage you to report any potential vulnerabilities promptly. This section will guide you on how to report a vulnerability and what you can expect during the process.

Reporting Process

To report a vulnerability, please follow these steps:

  1. Create an Issue: Go to the project's GitHub repository and create a new issue. Please provide a clear and concise title that reflects the nature of the vulnerability.

  2. Include Details: In the issue description, please provide us with a detailed explanation of the vulnerability. It would be immensely helpful if you could include steps to reproduce the issue, relevant code snippets, and any additional information that can assist us in understanding and addressing the problem effectively.

  3. Contact Information: Don't forget to include your contact information (preferably an email address) so that we can reach out to you for further clarification or updates regarding the reported vulnerability.

Response and Update

Once you have reported a vulnerability, we will promptly review the issue and respond to you within a reasonable timeframe. We aim to acknowledge the report within 4 business days and provide an initial assessment of the vulnerability's severity.

Vulnerability Assessment

After receiving your vulnerability report, we will conduct a thorough assessment to determine its validity and severity. We may request additional information or clarifications from you during this process to ensure a comprehensive evaluation.

Acceptance or Decline

If the vulnerability is accepted, we will take appropriate measures to address and fix the issue. We will provide you with expected timelines for resolving the vulnerability.

In case the vulnerability is deemed outside the scope of the project or does not pose a significant risk, it may be declined. We will provide a clear explanation for our decision and any recommended actions, if applicable.

Public Disclosure

To ensure the safety and security of our users, we kindly request that you refrain from publicly disclosing the vulnerability until we have had sufficient time to address it. We strive to resolve vulnerabilities in a timely manner and appreciate your cooperation in maintaining responsible security practices.

Recognition

We deeply value the contributions of the security community, and we are open to recognizing individuals who responsibly report vulnerabilities. If you would like to be credited for your discovery, please let us know when submitting the report.

Thank you for helping us improve the security of the project. We genuinely appreciate your support in making our software safer for everyone.

There aren’t any published security advisories