Skip to content

Security: SeptdirWorkshop/RishWinTools

Security

SECURITY.md

Security policy

Read this in other languages: English, Русский.

This document outlines security procedures and policies.

Table Of Contents

Reporting a security vulnerability

  • Vulnerability messages are accepted by email at [email protected]. Any ISSUE or PR with vulnerability notification will be immediately deleted for security reasons.
  • In the heading of the letter indicate that your request is related to security. For example, use the words Security or Vulnerability
  • In the letter indicate in detail all the necessary information. How to use, mentioning vulnerabilities in other sources, etc.
  • In the sender address, use only the existing email to receive notifications about the progress of the request.

Processing request

  • After receiving and verifying the request, a notification of the result of the verification will be sent to you.
  • If the vulnerability is confirmed, the notification will indicate the priority, as well as the possible correction time.
  • Once the vulnerability has been fixed, you will be notified of the completion of the review.
  • The time period for the release of a fixed version with corrections depends on the priority of the vulnerability.

Security policy

  • Verified vulnerabilities will only be publicly announced AFTER a release is issued which fixes the vulnerability.
  • All announcements will contain as much information as possible, but will NOT contain step-by-step instructions for the vulnerability.
  • At your request, we can mention you in the update as a person who found a vulnerability. The mention may use an email address, full name or nickname of your choice.

There aren’t any published security advisories