Skip to content

Latest commit

 

History

History
43 lines (22 loc) · 2.64 KB

SECURITY.md

File metadata and controls

43 lines (22 loc) · 2.64 KB

Security Policy

Introduction

This document outlines the security policy for the opengram open-source project, a community-driven platform for asking and answering programming questions. The policy is intended to provide guidelines and procedures for reporting, triaging, and addressing security vulnerabilities in the project.

Scope

The security policy covers the codebase and documentation of the open-source project, as well as any related infrastructure and services.

Vulnerability Disclosure Process

The project will provide a dedicated email address ([email protected]) for submitting vulnerability reports related to the opengram website or any associated services. Vulnerability reports will be reviewed and triaged by the project's maintainers. The aim is to respond to vulnerability reports within 72 hours and provide regular updates on the status of the vulnerability and any remediation efforts.

Roles and Responsibilities

The maintainers are responsible for handling vulnerability reports and making decisions about how to address them. They will also work with contributors to resolve issues as quickly as possible.

Response Timeline

opengram will aim to resolve critical vulnerabilities within 30 days and non-critical vulnerabilities within 90 days. These deadlines may extend if additional time is needed to address the issue(s).

Secure Coding Practices

opengram will guide secure coding practices for contributors, including guidelines for input validation, authentication, authorization, and data protection.

Regular Review and Update

The security policy will be regularly reviewed and updated to ensure that it remains effective and relevant. The maintainers will evaluate the vulnerability disclosure process, update secure coding guidelines, and revise the response timeline as needed.

Disclosure Policy

opengram will follow a coordinated disclosure policy, which means that vulnerabilities will be disclosed publicly only after they have been remediated.

Legal Disclaimer

The security policy includes a legal disclaimer that limits the liability of the project maintainers and contributors for any security vulnerabilities or incidents that occur as a result of using the opengram website or any associated services.

Contact Information

If you have any questions or concerns about the security policy or any security vulnerabilities in the project, please contact us at [email protected].

By implementing this security policy, we aim to ensure that vulnerabilities are addressed promptly and that users and contributors can use opengram safely and securely.