
Commit 0c67fb4

feat: add security page (#23)
Co-authored-by: Sebastian Beltran <[email protected]> Co-authored-by: Ulises Gascón <[email protected]>
1 parent ee9b93b commit 0c67fb4

1 file changed

+27
-0
lines changed

src/pages/security.md

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
# Security Policy
2+
3+
## Reporting a Vulnerability
4+
5+
We take security vulnerabilities seriously and appreciate your efforts to responsibly disclose any issues you may find. Please follow the guidelines below to report a security issue **privately**.
6+
7+
### Primary Reporting Method: GitHub Security Advisory
8+
9+
If you discover a security vulnerability, it is crucial that you **do not create a public issue** under any circumstances. Public issues can inadvertently expose the vulnerability, potentially leading to exploitation before a fix is available.
10+
11+
Instead, please report the vulnerability via the [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) for the relevant repository. This private channel ensures that only the maintainers can access the details of the vulnerability, enabling a timely and secure resolution.
12+
13+
### Secondary Reporting Option: Email
14+
If you are unable to use the GitHub Security Advisory for any reason, you may report the issue via email to `[email protected]`.
15+
16+
When sending an email, please include as much detail as possible, including:
17+
- Steps to reproduce the issue.
18+
- A description of the vulnerability and its potential impact.
19+
- Any supporting information or proof of concept.
20+
21+
### Important Reminder
22+
We reiterate: **Do not create a public issue to report a security vulnerability.** This is to protect both the project and its users from potential exploitation before the issue is resolved.
23+
24+
### Response Time
25+
We will acknowledge receipt of your report within 2-5 working days and work on resolving the issue as quickly as possible. We may request additional details during the investigation process.
26+
27+
Thank you for your responsible disclosure and for helping us maintain the security of our project.
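
Review bot: The email fallback at new line 14 asks reporters to send reproduction steps and proof of concept (lines 16-19) to a mailbox, but the policy states no way to protect that content in transit or at rest. Consider publishing a PGP key next to the address, or asking reporters to send only an initial contact by email and share the details once a private channel has been agreed. Two smaller points: "within 2-5 working days" at line 25 reads as a range rather than a commitment, so a single upper bound such as "within 5 working days" would be clearer; and the headings at lines 13, 21 and 24 are followed directly by body text, while the headings at lines 3 and 7 have a blank line after them, so a blank line after each would keep the file consistent.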
