mirror of
https://github.com/hydralauncher/hydra.git
synced 2025-01-23 13:34:54 +03:00
Merge pull request #920 from thaleseuflauzino/patch-4
docs: Create SECURITY.md
This commit is contained in:
Zamitto
GitHub
commit
6273ca1376
68
SECURITY.md
Normal file
68
SECURITY.md
Normal file
@ -0,0 +1,68 @@
|
||||
# Security Policy
|
||||
|
||||
## Purpose of the Policy
|
||||
|
||||
The purpose of this Security Policy is to ensure the security of our project and maintain the trust of the community.
|
||||
|
||||
## Who is Affected by the Policy
|
||||
|
||||
This policy applies to all members of our project community, including developers, testers, repository administrators, and users.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Use this section to tell people about which versions of your project are
|
||||
currently being supported with security updates.
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 2.0.x | :white_check_mark: |
|
||||
| < 1.2.0 | :x: |
|
||||
|
||||
## Development Recommendations
|
||||
|
||||
### Best Practices
|
||||
|
||||
- Follow secure coding principles.
|
||||
- Use well-established libraries and frameworks.
|
||||
- Regularly update dependencies.
|
||||
- Conduct thorough testing, including security-related tests.
|
||||
|
||||
### Unrecommended Practices
|
||||
|
||||
- Do not use known vulnerabilities that have not been patched.
|
||||
- Do not publish sensitive information such as API keys or passwords.
|
||||
- Do not vote for changes that degrade the security of the project.
|
||||
|
||||
### User-Generated Content
|
||||
|
||||
- Ensure that user-generated content does not contain hidden threats.
|
||||
- Be cautious when handling user data.
|
||||
|
||||
### Community Interaction
|
||||
|
||||
- Treat each other with respect and politeness.
|
||||
- Do not spread spam or spam bots.
|
||||
- Follow community guidelines.
|
||||
|
||||
### Vulnerability Discovery and Reporting
|
||||
|
||||
- If you discover a vulnerability, report it as an issue on GitHub.
|
||||
- Your report should contain detailed information about the vulnerability, including steps to resolve it.
|
||||
|
||||
### Reporting Method
|
||||
|
||||
To report a vulnerability, create a new issue on GitHub and use branch isolation to provide details about the vulnerability.
|
||||
|
||||
### Details to Provide
|
||||
|
||||
Please provide the following information about the vulnerability:
|
||||
|
||||
- Description of the vulnerability
|
||||
- Steps to resolve the vulnerability
|
||||
- Versions on which the vulnerability was found
|
||||
- Code examples illustrating the vulnerability (if it is safe to do so)
|
||||
|
||||
### Expected Behavior
|
||||
|
||||
- If we accept the reported vulnerability, we will release a patch and update the security information on GitHub.
|
||||
- If we reject the reported vulnerability, we will provide an explanation.
|
||||
Loading…
Reference in New Issue
Block a user