|
| 1 | +<!-- Replace [INSERT CONTACT EMAIL] and [X] --> |
| 2 | + |
| 3 | +# Security Policy |
| 4 | + |
| 5 | +## Supported Versions |
| 6 | + |
| 7 | +As an open source product, we will only provide security patches for the latest major version. Older versions will not receive retroactive security patches. |
| 8 | + |
| 9 | +## Reporting Security Issues |
| 10 | + |
| 11 | +### case1: Report via Email |
| 12 | + |
| 13 | +If you discover a security vulnerability, please report it to us in the following manner: |
| 14 | + |
| 15 | +1. **Email us** at [INSERT CONTACT EMAIL]. Please do not create a public GitHub issue. |
| 16 | +2. Include as much detail as possible, including steps to reproduce the vulnerability, potential impact, and any other relevant information. |
| 17 | +3. We will acknowledge your email within [X] business days and work with you to understand the issue and address it promptly. |
| 18 | + |
| 19 | +### case2: Report via GitHub Private vulnerability reporting |
| 20 | + |
| 21 | +Out team and community take security bugs in seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. |
| 22 | + |
| 23 | +To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/route06inc/liam/security/advisories/new) tab. **Do not open up a GitHub issue.** |
| 24 | + |
| 25 | +Our team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. |
| 26 | + |
| 27 | +Report security bugs in third-party modules to the person or team maintaining the module. |
| 28 | + |
| 29 | +## Handling Security Issues |
| 30 | + |
| 31 | +We follow a responsible disclosure process: |
| 32 | + |
| 33 | +1. We will investigate the reported vulnerability and work on a fix. |
| 34 | +2. A fix will be developed, tested, and incorporated into the project. |
| 35 | +3. Once the fix is ready, we will release a new version of the project with a detailed release note. |
| 36 | +4. We will notify the reporter about the fix and acknowledge their contribution in the release notes, if they wish to be credited. |
| 37 | + |
| 38 | +## Security Best Practices |
| 39 | + |
| 40 | +To ensure the security of our project, we are committed the following best practices: |
| 41 | + |
| 42 | +1. **Keep dependencies up to date**: Regularly update dependencies to incorporate security fixes. |
| 43 | +2. **Review and audit code**: Periodically review and audit the codebase for potential security issues. |
| 44 | +3. **Use secure coding practices**: Follow best practices for secure coding to minimize vulnerabilities. |
| 45 | +4. **Stay informed**: Keep up to date with the latest security news and advisories related to the technologies used in this project. |
| 46 | + |
| 47 | +## Contact |
| 48 | + |
| 49 | +For any other security-related inquiries, please contact us at [INSERT CONTACT EMAIL]. |
| 50 | + |
| 51 | +Thank you for helping us keep our project secure! |
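Review bot: The template placeholders are still unfilled in the committed file: `[INSERT CONTACT EMAIL]` at lines 15 and 49 and `[X]` at line 17, with the instruction comment `<!-- Replace [INSERT CONTACT EMAIL] and [X] -->` still present at line 1. As written, the email path under "case1" gives a reporter no address to send to and no acknowledgement window. Either fill in both values and drop the comment, or remove the "case1" and "Contact" sections and keep only the GitHub private vulnerability reporting path, which already has a concrete URL. The "case1:" / "case2:" headings read like template alternatives; if both channels are intended, give them plain headings such as "Report via Email" and "Report via GitHub Private vulnerability reporting". Wording fixes while here: line 21 "Out team and community take security bugs in seriously" should read "Our team and community take security bugs seriously", and line 40 "we are committed the following best practices" is missing "to".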