Security: anand346/findissues

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.0

Reporting a Vulnerability

Introduction

This document outlines the security policy for FindIssues, an open source project that enables its users to find the most recent unassigned GitHub issues with its advanced search technique. The policy is intended to provide guidelines and procedures for reporting, triaging, and addressing security vulnerabilities in the project.

Scope

The security policy covers the codebase and documentation of the open source project.

Vulnerability Disclosure Process

The project will provide a dedicated email address [email protected] for submitting vulnerability reports related to the FindIssues website or any of the linked websites. Vulnerability reports will be reviewed and triaged by the project's maintainers. The owner will aim to respond to vulnerability reports within 72 hours and will provide regular updates on the status of the vulnerability and any remediation efforts.

Roles and Responsibilities

The maintainers are responsible for handling vulnerability reports and making decisions about how to address them. They will also work with contributors and external website owners to resolve the issue(s) as quickly as possible.

Response Timeline

FindIssues will aim to resolve critical vulnerabilities within 30 days and non-critical vulnerabilities within 90 days. These deadlines may extend if additional time is needed to address the issue(s).

Secure Coding Practices

FindIssues will provide contributors with guidance on secure coding practices, including guidelines for input validation, authentication, authorization, and data protection.

Regular Review and Update

The security policy will be regularly reviewed and updated to ensure that it remains effective and relevant. The maintainers will evaluate the vulnerability disclosure process, update secure coding guidelines, and revise the response timeline as needed.

Disclosure Policy

FindIssues will follow a coordinated disclosure policy, which means that vulnerabilities will be disclosed publicly only after they have been remediated. The project may work with external website owners to coordinate the disclosure of vulnerabilities that affect their websites.

Legal Disclaimer

The security policy includes a legal disclaimer that limits the liability of the project maintainers and contributors for any security vulnerabilities or incidents that occur as a result of using FindIssues's website or any of the linked sources.

Contact Information

If you have any questions or concerns about the security policy or any security vulnerabilities in the project, please contact us at [email protected].

By implementing this security policy, we aim to ensure that vulnerabilities are addressed promptly and that users and contributors can use FindIssues and its linked sources safely and securely.

There aren’t any published security advisories