Skip to content
This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

Security: ntfargo/tir-goapi

Security

SECURITY.md

Security Policy

Security is important. This document outlines our security policy for the TIR-Project Go API and provides guidance on how to responsibly report security vulnerabilities.

How to Report a Security Vulnerability

If you've found a security vulnerability in our code, we appreciate your help in disclosing it to us in a responsible manner.

Step 1: Identification

If you discover a security vulnerability in our project, we kindly request that you refrain from disclosing it publicly.

Step 2: Initial Contact

Please email us at [email protected] with initial details of the vulnerability. Make sure to provide as much information as possible to help us understand the scope and impact.

Step 3: Team Review

Once received, our security team will review the information and may contact you for further details, if necessary.

Step 4: Resolution and Disclosure

After assessing the vulnerability, we will take appropriate action to resolve it. We will then coordinate with you to disclose the issue responsibly to the public, if appropriate.

Step 5: Recognition

Contributors who help identify and resolve vulnerabilities will be acknowledged in the project’s documentation or website, unless they wish to remain anonymous.

What To Include In Your Report

  • A detailed explanation of the vulnerability
  • Steps to reproduce the issue (if possible)
  • Any potential impact of the vulnerability
  • Suggestions for how to fix or mitigate the issue, if any
  • Response Time

We aim to acknowledge reports within 48 hours and to provide an assessment of the issue within a week. Please understand that resolving the issue may take more time depending on its complexity.

Responsible Disclosure

We encourage responsible disclosure and will not take legal action against those who report security vulnerabilities in compliance with this policy.

There aren’t any published security advisories