This security policy applies to the PTerm GitHub repository and outlines the process for reporting security issues and handling security incidents. The primary goal of this policy is to ensure the safety and integrity of the PTerm codebase and to minimize the impact of security incidents on our users.
PTerm is a command-line interface (CLI) tool library, and we believe the security risks associated with it are minimal. However, we recognize that vulnerabilities can still arise, and we are committed to addressing them promptly and transparently.
If you discover a security issue in PTerm, please follow these steps:
- Open a new issue in the PTerm GitHub repository, describing the security problem in detail.
If a dependency of PTerm is found to be vulnerable or infected and requires immediate updates, please follow these steps:
- Open a new issue in the PTerm GitHub repository, describing the vulnerable dependency and the need for an update.
- Optional: Contact @MarvinJWendt directly via Twitter or Discord to alert them to the issue.
Upon receiving a security report, the PTerm team will:
- Acknowledge receipt of the report and review the issue.
- Investigate the issue and determine the severity and impact.
- Develop and implement a fix or mitigation plan, as necessary.
- Update the PTerm repository and notify users, if applicable.