Added security.md file #13

Closed
wants to merge 1 commit into from
35 changes: 35 additions & 0 deletions security/SECURITY.md
@@ -0,0 +1,35 @@
# Security Release process:
The Assetmantle OSS team and the community takes all the security issues and vulnerability reports quite seriously. This includes all of the source code repositories under assetmantle.

## Reporting vulnerabilities:

Make sure to not report any kind of security vulnerability by creating a new issue on github.

We would request you to report security vulnerabilities by emailing the Assetmantle security team at:

```<ENTER EMAIL HERE>```

We are extremely grateful for users and vulnerability researchers that report vulnerabilities to the Assetmantle security team. We ensure that all of the security reports submitted are thoroughly investigated by our team.

## Security vulnerability response:
Each of the security vulnerability reports are acknowledged and analyzed by the security team thoroughly. You should be receiving a response within 24 - 48 hours. However,if you do not receive a response from us, please follow up via email to ensure that we received your original message.

The lead maintainer will acknowledge your email within 24 hours, and will send a much more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will make sure to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

### When should you report a vulnerability:
- When you discover a security threat that could drastically affect AssetMantle
- When you discover a vulnerability in any other project that AssetMantle depends upon. In such a case, report the security issues to those projects directly.

You may include the information listed below in order to help us understand the nature and scope of the possible issue:
- Type of issue.
- Complete path of the source file from where the vulnerability is arising.
- Location of the source code (branch/commit/tag or direct URL).
- Configuration and set-up required to reproduce the issue.
- Impact of the issue
- Probable ways to solve the vulnerability
The aforementioned information would allow us to look into the report much more quickly and would allow us to identify the issue easily.

We would make sure to keep the reporter updated as we move from fixing the issue to releasing the fix.

## Preferred languages:
We prefer all of the communications to be in english.
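
Review bot: The reporting address under "Reporting vulnerabilities" is still the placeholder `<ENTER EMAIL HERE>`, so as written the policy tells reporters not to open a GitHub issue but gives them no private channel to use instead; fill in a monitored mailbox before this merges. The response section states the timing twice ("a response within 24 - 48 hours", then acknowledgement "within 24 hours" plus a detailed reply "within 48 hours"); keep one statement so the commitment is unambiguous. Under "When should you report a vulnerability", the second bullet lists dependency vulnerabilities as a reason to report and then redirects them to the upstream project, so say explicitly whether AssetMantle also wants to be notified. The list of report details is missing a blank line before "The aforementioned information", which will render that sentence as part of the last bullet. The file is added at security/SECURITY.md; GitHub only surfaces a security policy placed in the repository root, docs/ or .github/, so consider moving it.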