
Commit 6199d1a

Merge branch 'master' into apsw-with-sqlalchemy
2 parents b9ff851 + c9af1ab commit 6199d1a

2 files changed: +48 -10 lines changed


SECURITY.md

Lines changed: 44 additions & 6 deletions
@@ -1,11 +1,49 @@
11
# Security Policy
22

3-
## Supported Versions
4-
The latest release and the current master branch
3+
At OWASP Nettacker, we take security seriously. This document outlines our security policy, including how to report vulnerabilities, our responsible disclosure process, and how we handle security issues.
54

6-
## Reporting a Vulnerability
5+
---
76

8-
Report a vulnerability to the project maintainers by raising a security advisory [here](https://github.com/OWASP/Nettacker/security/advisories/new)
7+
## **Supported Versions**
98

10-
## Contacting Maintainers
11-
The Project Leaders are listed on the OWASP Nettacker Project page here: [https://owasp.org/nettacker](https://owasp.org/nettacker)
9+
We provide security updates for the following versions of OWASP Nettacker:
10+
11+
- **Latest Release**: The most recent stable release.
12+
- **Current Master Branch**: The latest development version on the `master` branch.
13+
14+
Older versions may not receive security updates. We strongly recommend that users upgrade to the latest version.
15+
16+
---
17+
18+
## **Reporting a Vulnerability**
19+
20+
If you discover a security vulnerability in OWASP Nettacker, we appreciate your help in disclosing it responsibly. Here’s how you can report it:
21+
22+
### **1. GitHub Security Advisory**
23+
- You can report the vulnerability by creating a - **Github Security Advisory**: [OWASP Nettacker Security Page](https://github.com/OWASP/Nettacker/security/advisories/new)
24+
- Follow the prompts to submit a **private security advisory**.
25+
26+
### **2. Responsible Disclosure Process**
27+
- We will acknowledge your report and work with you to establish a timeline for addressing the vulnerability.
28+
- Once the issue is fixed, we will release a patch and publicly disclose the vulnerability, crediting you (unless you prefer to remain anonymous).
29+
30+
---
31+
32+
## **Vulnerability Handling Process**
33+
34+
1. **Triage**: The Project Leaders will review the report and assess the severity of the vulnerability.
35+
2. **Fix Development**: A fix will be developed and tested for the vulnerability.
36+
3. **Release**: A patched version of OWASP Nettacker will be released.
37+
4. **Disclosure**: The vulnerability will be publicly disclosed, including credits to the reporter.
38+
39+
---
40+
41+
## **Contacting Maintainers**
42+
43+
For general inquiries or non-security-related issues, you can contact the project leaders:
44+
45+
- **Project Page**: [OWASP Nettacker Project Page](https://owasp.org/nettacker)
46+
- **GitHub Issues**: [OWASP Nettacker Issues](https://github.com/OWASP/Nettacker/issues)
47+
- **Slack/Discord**: Join the OWASP Slack workspace and find us in the `#project-nettacker` channel.
48+
49+
For **security-related issues**, please use the private disclosure methods described above.
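Review bot: the first bullet under "### **1. GitHub Security Advisory**" is malformed: "You can report the vulnerability by creating a - **Github Security Advisory**: [...]" splices a sentence fragment onto a second list marker, so it renders as one broken item; suggest "- Create a **GitHub Security Advisory** via the [OWASP Nettacker Security Page](https://github.com/OWASP/Nettacker/security/advisories/new)." Two smaller points on the same hunk: the "Responsible Disclosure Process" bullets promise an acknowledgement and a jointly agreed timeline but give no target response window (even a stated "within N days" lets a reporter know when to follow up), and the "Slack/Discord" bullet names Discord yet only gives a Slack channel, so either drop "Discord" or add where to find the project there. Also note the old "Supported Versions" and "Reporting a Vulnerability" sections are removed and restated rather than edited in place, which is fine, but the `## **...**` headings wrap bold inside a heading, which is redundant in Markdown.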

poetry.lock

Lines changed: 4 additions & 4 deletions
