docs: update SECURITY.md to standardize reporting for frontend, backend, and Android vulnerabilities
1 parent
fcf3bfc
commit adecb53
Showing 1 changed file with 34 additions and 9 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,43 @@ | ||
# Security Policy | ||
|
||
## Supported Branch | ||
## Supported Branches | ||
|
||
| Branch | Supported | | ||
| ------- | ------------------ | | ||
| master | :white_check_mark: | | ||
| Branch | Supported | | ||
| --------- | ------------------ | | ||
| backend | :white_check_mark: | | ||
| frontend | :white_check_mark: | | ||
| android | :white_check_mark: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
#### Reporting a General Vulnerability | ||
### General Vulnerability | ||
|
||
If you are aware of a potential general security vulnerability, we encourage you to contact us. | ||
If you are aware of a potential security vulnerability, please contact us to report it. We take security seriously and will address any issues promptly. | ||
|
||
#### Reporting a Express Typescript Vulnerability | ||
### Specific Vulnerabilities | ||
|
||
If you are aware of a potential security vulnerability with anything, we encourage you to contact us immediately through GitHub Issues. | ||
Once your communication is received, we will response `ASAP`. | ||
For vulnerabilities related to the following areas, please report them through GitHub Issues: | ||
|
||
- **Frontend**: Issues affecting the user interface or client-side functionality. | ||
- **Backend**: Issues impacting the server-side logic, APIs, or database interactions. | ||
- **Android**: Issues related to the mobile application. | ||
|
||
When reporting, please include as much detail as possible, such as: | ||
|
||
- A description of the vulnerability | ||
- Steps to reproduce the issue | ||
- The impact of the vulnerability | ||
|
||
### Response Time | ||
|
||
Upon receiving your report, we will acknowledge it as soon as possible. Depending on the complexity of the issue, the time to resolve may vary. | ||
|
||
## Security Best Practices | ||
|
||
To help maintain the security of the repository, we recommend the following best practices: | ||
|
||
- Keep your dependencies up to date. | ||
- Regularly review your code for potential vulnerabilities. | ||
- Follow secure coding guidelines and practices. | ||
|
||
Thank you for helping us keep our project secure! |
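
Review bot: The "Specific Vulnerabilities" section sends frontend, backend and Android vulnerability reports to GitHub Issues, which are publicly readable on a public repository, so the description, reproduction steps and impact requested in the list that follows would be disclosed before a fix exists. Suggest directing reporters to a private channel instead, for example GitHub's private vulnerability reporting (security advisories) or a dedicated security e-mail address, and keeping Issues for non-sensitive bugs. Two smaller points: the "General Vulnerability" paragraph says "please contact us" without naming a contact method, and "Response Time" promises acknowledgement "as soon as possible" with no concrete window; stating both would make the policy actionable. The Supported Branches table also no longer lists `master`; if that branch still exists, say whether it is unsupported.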