Skip to content

Security: SiddharthBahuguna/NEWS-AGGREGATOR-PROJECT

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in our project, please report it to us as follows:

Please include as much detail as possible in your report, including:

  • The type of issue
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any possible fixes you might have in mind

What to Expect

  • Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
  • Initial Response: Within 72 hours, we will provide an initial assessment of the vulnerability and outline the next steps.
  • Updates: We will provide updates on the status of your report at least every 7 days.
  • Resolution: We aim to resolve confirmed vulnerabilities within 30 days. If this is not possible, we will provide an updated timeline.

Handling of Reports

  • Accepted Reports: If we accept the vulnerability report, we will work with you to ensure a fix is developed and implemented. We will coordinate a public disclosure with you once the issue is resolved.
  • Declined Reports: If we decline the report, we will provide you with a detailed explanation of why we believe it is not a security issue.

Public Disclosure Policy

We believe in responsible disclosure. We will work with security researchers to ensure vulnerabilities are patched before public disclosure. Details of the vulnerability will be disclosed after a fix has been released, or after we have determined that the issue is not a security risk.

Security Updates

To stay informed about security updates, please:

Security Best Practices

To help ensure the security of your deployments:

  • Always use the latest version of our software.
  • Regularly update requirements to their latest secure versions.

Thank you for helping to keep our project secure!

There aren’t any published security advisories