Commit
Showing 1 changed file with 55 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
We are committed to maintaining the security of CodeBRT. Below is the list of versions currently supported with security updates: | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| 0.4.3 | :white_check_mark: | | ||
| < 0.4.3 | :x: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
We take the security of our project seriously. If you discover a security vulnerability within CodeBRT, please follow these steps: | ||
|
||
1. **Do Not Publicly Disclose**: Do not create a public GitHub issue for a suspected security vulnerability. | ||
|
||
2. **Email our Security Team**: | ||
- Send a detailed description of the vulnerability to: [codebrtdev@gmail.com] | ||
- Include steps to reproduce the vulnerability | ||
- Provide any relevant code snippets or proof of concept | ||
|
||
3. **What to Expect**: | ||
- We will acknowledge receipt of your vulnerability report within 48 hours | ||
- Our security team will investigate and validate the report | ||
- You can expect an initial assessment within 5-7 business days | ||
- We will keep you informed about the progress of the investigation | ||
|
||
4. **Potential Outcomes**: | ||
- If the vulnerability is accepted: | ||
- We will work on a fix and create a security patch | ||
- You will be credited for your discovery (if you wish) | ||
- We may provide a bounty or recognition for significant findings | ||
|
||
- If the vulnerability is declined: | ||
- We will provide a detailed explanation | ||
- We'll offer guidance if the issue is not a critical security risk | ||
|
||
5. **Responsible Disclosure**: | ||
- We request that you give us reasonable time to address the vulnerability before any public disclosure | ||
- We are committed to resolving and patching security issues promptly | ||
|
||
## Security Best Practices | ||
|
||
- Keep your dependencies up to date | ||
- Use the latest version of CodeBRT | ||
- Report any suspicious activities or potential vulnerabilities | ||
- Follow our secure coding guidelines in the CONTRIBUTING.md | ||
|
||
## Package Health | ||
|
||
- Total packages: 289 | ||
- Current vulnerabilities: 0 | ||
|
||
Thank you for helping us maintain the security of CodeBRT. |
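Review bot: The "Email our Security Team" step asks reporters to send reproduction steps and proof-of-concept code by plain email to a Gmail address, with no PGP key or fingerprint published anywhere in the file, so every report travels and sits in that mailbox unencrypted; publish a key (or a link to one) beside the address, or point reporters at GitHub's private vulnerability reporting on the repository's Security tab and keep the mailbox as a fallback. The same line also renders wrong: `[codebrtdev@gmail.com]` has no link target, so Markdown shows the square brackets literally instead of a mailto link; `<codebrtdev@gmail.com>` fixes that. Smaller points: the `Package Health` figures (`Total packages: 289`, `Current vulnerabilities: 0`) are a point-in-time snapshot that will be wrong after the next dependency bump, so either drop them or link the scanner output they came from; the Supported Versions table lists only `0.4.3`, which means this file must be edited on every release, so a rolling statement such as "the latest 0.x release" would stay accurate; "We may provide a bounty" sets an expectation the project may not want to carry, so state plainly whether a bounty program exists; and confirm that CONTRIBUTING.md actually contains the secure coding guidelines the Security Best Practices section refers to, since it is not part of this change.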