This security policy documents how to record a security vulnerability in the UTD Survival Guide and how the Project Nebula maintainers respond to such inquiries.

The current pre-release version of the UTD Survival Guide will have security bugs fixed on an ad-hoc basis until the first public release.

Below is a table of what versions of Nebula Guide will have security vulnerabilities patched:

If you notice a service vulnerability detectable in the user-facing portions of this app, contact the Nebula maintainers at [email protected] with the subject line [nebula]: User-Facing Security Vulnerability.

If the issue is due to something internal - like a vulnerability in the app's library dependencies, open an issue and tag it with the Type: Security Vulnerability label.

One a maintainer triages the issue and determines it to be an actual vulnerability, work will immediately begin to resolve it. The fix will be applied to the develop branch as soon as possible and once merged into master will be published to the web app, which will apply changes on page reload.

The maintainers will reply to the issue once it is resolved or once a week until resolution, whichever is earlier.