¿Hablas español? ¡Aquí puedes encontrar las Política de seguridad en español!
At Indie Creators HQ, we take security vulnerabilities very seriously. If you discover a vulnerability in our project, please let us know as soon as possible so we can take steps to fix it.
To report a vulnerability, please follow these steps:
-
Check if the vulnerability has already been reported by searching the project's issue tracker.
-
If the vulnerability has not been reported yet, create a new issue using our security report template, which can be found here.
-
Provide as much detail as possible about the vulnerability, including steps to reproduce it and any relevant error messages.
-
Our security team will review your report and respond as soon as possible, typically within 48 hours.
-
If your report is accepted, we will work to address the vulnerability and release a fix as soon as possible. We may contact you for additional information or to request your help in testing the fix.
-
Once the vulnerability is fixed, we will publicly acknowledge your contribution to our project's security.
We take several steps to ensure the security of our project, including:
- Regular code reviews and audits
- Use of industry-standard encryption and authentication protocols
- Limited access to production systems and data
- Ongoing monitoring and analysis of system logs and traffic
We ask that all security vulnerabilities be disclosed to us responsibly, in accordance with the principles of responsible disclosure. This means that you should not publicly disclose any details of the vulnerability until we have had a chance to review and fix it.
If you follow these principles and give us a reasonable amount of time to address the issue before making any public disclosures, we will not take legal action against you in connection with your report.
If you would like to contribute to our project's security, please follow the same process as for code contributions (see CONTRIBUTING.md). We welcome suggestions for security improvements and code changes that enhance our project's security posture.