The Face Recognition System project values the security of its code and data. This policy outlines the steps to report, address, and prevent security vulnerabilities:
- Reporting a Vulnerability:
  - If you discover a security vulnerability, please report it immediately by opening an issue marked as Security or emailing the project maintainers (email to be provided).
  - Provide detailed information about the vulnerability, including steps to reproduce it, if possible.
- Responsible Disclosure:
  - Do not publicly disclose vulnerabilities before they have been addressed.
  - Give maintainers a reasonable amount of time to investigate and resolve the issue before sharing it publicly.
- Security Best Practices:
  - Ensure that all code, especially for the API and model pipelines, is free of potential vulnerabilities (e.g., injection attacks, buffer overflows).
  - Regularly review dependencies for known security issues and apply updates when necessary.
  - Implement proper access controls for sensitive data, such as facial embeddings and user data.
  - Maintain a secure connection (SSL/TLS) for all network communications.
- Patch Policy:
  - Security patches should be applied as quickly as possible once a vulnerability is confirmed.
  - All patches will undergo thorough testing to ensure no regressions or performance issues.