mirror of
https://github.com/anuraghazra/github-readme-stats.git
synced 2024-12-27 06:25:47 +08:00
40 lines
1.5 KiB
Markdown
40 lines
1.5 KiB
Markdown
# GitHub Readme Stats Security Policies and Procedures <!-- omit in toc -->
|
|
|
|
This document outlines security procedures and general policies for the
|
|
GitHub Readme Stats project.
|
|
|
|
- [Reporting a Vulnerability](#reporting-a-vulnerability)
|
|
- [Disclosure Policy](#disclosure-policy)
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
The GitHub Readme Stats team and community take all security vulnerabilities
|
|
seriously. Thank you for improving the security of our open source
|
|
software. We appreciate your efforts and responsible disclosure and will
|
|
make every effort to acknowledge your contributions.
|
|
|
|
Report security vulnerabilities by emailing the GitHub Readme Stats team at:
|
|
|
|
```
|
|
hazru.anurag@gmail.com
|
|
```
|
|
|
|
The lead maintainer will acknowledge your email within 24 hours, and will
|
|
send a more detailed response within 48 hours indicating the next steps in
|
|
handling your report. After the initial reply to your report, the security
|
|
team will endeavor to keep you informed of the progress towards a fix and
|
|
full announcement, and may ask for additional information or guidance.
|
|
|
|
Report security vulnerabilities in third-party modules to the person or
|
|
team maintaining the module.
|
|
|
|
## Disclosure Policy
|
|
|
|
When the security team receives a security bug report, they will assign it
|
|
to a primary handler. This person will coordinate the fix and release
|
|
process, involving the following steps:
|
|
|
|
* Confirm the problem.
|
|
* Audit code to find any potential similar problems.
|
|
* Prepare fixes and release them as fast as possible.
|