Skip to content

Latest commit

 

History

History
97 lines (65 loc) · 2.63 KB

SECURITY.md

File metadata and controls

97 lines (65 loc) · 2.63 KB

Security Policy for DevDisplay

Reporting Security Vulnerabilities

We take the security of DevDisplay seriously. If you discover any security vulnerabilities, please report them to us responsibly by following these steps:

  1. DO NOT create a public GitHub issue for security vulnerabilities
  2. Send an email to [hellow.ashutosh@gmail.com] with details about the vulnerability
  3. Include the following information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes (if available)

Response Timeline

  • We will acknowledge receipt of your vulnerability report within 48 hours
  • We aim to provide a detailed response within 5 business days
  • We will keep you informed about the progress of fixing the vulnerability

Security Best Practices

For Contributors

  1. Code Review

    • All code changes must go through peer review
    • Security-sensitive code requires additional review
    • Follow secure coding guidelines
  2. Dependencies

    • Keep all dependencies up to date
    • Regularly check for known vulnerabilities in dependencies
    • Use only trusted and well-maintained packages
  3. Authentication & Authorization

    • Use strong password policies
    • Implement proper session management
    • Follow the principle of least privilege
  4. Data Protection

    • Encrypt sensitive data in transit and at rest
    • Never commit sensitive data (tokens, passwords, keys) to the repository
    • Use environment variables for sensitive configuration

For Users

  1. Account Security

    • Use strong, unique passwords
    • Enable two-factor authentication when available
    • Keep your access tokens secure
  2. Reporting Issues

    • Report any suspicious activity immediately
    • Do not share sensitive information publicly
    • Follow responsible disclosure practices

Security Updates

  • Security patches will be released as soon as possible
  • Critical updates will be clearly marked
  • Users will be notified of security-related updates through our communication channels

Scope

This security policy applies to:

  • The main DevDisplay repository
  • Official plugins and extensions
  • Official documentation
  • Related deployment configurations

Out of Scope

The following are considered out of scope:

  • Third-party plugins not maintained by DevDisplay
  • User-modified configurations
  • Issues already reported
  • Theoretical vulnerabilities without proof of concept

Contact

For security-related inquiries:

Thank you for helping keep DevDisplay and its users safe!


Last updated: [02-11-24] Version: 1.0