|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Supported Versions |
| 4 | + |
| 5 | +This project is under active development, and we provide security updates for the latest version only. Please ensure you're using the latest version of the project to receive security updates. |
| 6 | + |
| 7 | +| Version | Supported | |
| 8 | +| ------- | ------------------ | |
| 9 | +| latest | :white_check_mark: | |
| 10 | + |
| 11 | +## Reporting a Vulnerability |
| 12 | + |
| 13 | +We take the security of the lambda-in-private-vpc project seriously. If you have found a potential security vulnerability, we kindly ask you to report it privately, so that we can assess and address the issue before it becomes publicly known. |
| 14 | + |
| 15 | +### What Constitutes a Vulnerability |
| 16 | + |
| 17 | +A vulnerability is a weakness or flaw in the project that can be exploited to compromise the security, integrity, or availability of the system or its data. Examples of vulnerabilities include, but are not limited to: |
| 18 | + |
| 19 | +- Unauthenticated access to sensitive data |
| 20 | +- Injection attacks (e.g., SQL injection, cross-site scripting) |
| 21 | +- Insecure defaults or configurations |
| 22 | +- Insufficient access controls |
| 23 | +- Remote code execution |
| 24 | + |
| 25 | +### How to Privately Report a Vulnerability using GitHub |
| 26 | + |
| 27 | +Please follow these steps to privately report a security vulnerability: |
| 28 | + |
| 29 | +1. On GitHub.com, navigate to the main page of the [game repository](https://github.com/Hack23/game). |
| 30 | +2. Under the repository name, click **Security**. If you cannot see the "Security" tab, select the dropdown menu, and then click **Security**. |
| 31 | +3. In the left sidebar, under "Reporting", click **Advisories**. |
| 32 | +4. Click **Report a vulnerability** to open the advisory form. |
| 33 | +5. Fill in the advisory details form. Provide as much information as possible to help us understand and reproduce the issue. |
| 34 | +6. At the bottom of the form, click **Submit report**. |
| 35 | + |
| 36 | +After you submit the report, the maintainers of the game repository will be notified. They will review the report, validate the vulnerability, and take necessary actions to address the issue. You will be added as a collaborator and credited for the security advisory. |
| 37 | + |
| 38 | +### Disclosure Timeline |
| 39 | + |
| 40 | +Upon receipt of a vulnerability report, our team will: |
| 41 | + |
| 42 | +1. Acknowledge the report within 48 hours |
| 43 | +2. Validate the vulnerability within 7 days |
| 44 | +3. Develop and release a patch or mitigation within 30 days, depending on the complexity and severity of the issue |
| 45 | +4. Publish a security advisory with a detailed description of the vulnerability and the fix |
| 46 | + |
| 47 | +### Recognition and Anonymity |
| 48 | + |
| 49 | +We appreciate your effort in helping us maintain a secure and reliable project. If your report results in a confirmed security fix, we will recognize your contribution in the release notes and/or a public acknowledgment, unless you request to remain anonymous. |
| 50 | + |
| 51 | +Thank you for helping us keep the game project and its users safe. |
0 commit comments