Security: youngsecurity/containment-field

SECURITY.md

Security

If you find a significant vulnerability or evidence of one, please report it privately.

We prefer that you use the GitHub mechanism for privately reporting a vulnerability. Under the main repository's security tab, click "Report a vulnerability" to open the advisory form.

Security Policy

This document outlines the security measures to ensure the confidentiality, integrity, and availability of our systems and data. All team members must understand and adhere to these policies.

Confidentiality

Access Control

Access to our systems and data will be granted based on the principle of least privilege. This means that users are given only the minimum access necessary to perform their job functions. Access levels will be reviewed regularly and adjusted as needed.

Passwords

All users are required to create strong, unique passwords for all accounts used within our organization. Passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols, and must under no circumstances be shared with anyone.

Multi-Factor Authentication (MFA)

Multi-factor authentication is required for all user accounts. This adds a layer of security by requiring a second form of verification, such as a text message or email code, in addition to the password.

Integrity

Data Backup and Recovery

Regular backups of all data will be taken and stored offsite. Data backups will be tested regularly to ensure they can be restored in case of a disaster.

Malware Protection

All systems will have up-to-date antivirus software installed. Software installations will be restricted to approved sources, and all software updates will be applied promptly.

Availability

Disaster Recovery Plan (DRP)

A disaster recovery plan (DRP) ensures that we can quickly recover from any disruptions to our systems or data. The DRP includes procedures for notifying team members, restoring data from backups, and redirecting traffic to backup systems if necessary.

System Maintenance

Regular system maintenance will ensure the availability of our systems. This includes patching software, monitoring server performance, and conducting regular vulnerability assessments.

Reporting Suspected Security Issues

If you suspect a security issue or breach, report it to your supervisor or the IT department immediately. Do not share any details about the suspected issue on social media or with anyone outside of the organization until the matter has been properly investigated and addressed.

There aren’t any published security advisories