-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add security and privacy policy for extensions
- Loading branch information
1 parent
4a0c9d6
commit db948db
Showing
3 changed files
with
203 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| --- | ||
| title: Security Policy for Extensions in the mStudio marketplace | ||
| sidebar_label: Security policy | ||
| --- | ||
|
|
||
| This security policy defines the requirements and standards that contributors must adhere to in order to ensure the security and integrity of extensions in the mStudio Marketplace. The goal is to protect the data and systems of users and ensure maximum trust in the marketplace and its extensions. | ||
|
|
||
| ## General Security Principles | ||
|
|
||
| ### No Harm to Users | ||
|
|
||
| Extensions must not cause harm to the user or their data in any way. Any actions that could endanger the user or their systems are strictly prohibited. | ||
|
|
||
| ### Transparency of Functionality | ||
|
|
||
| Extensions must only perform the functions described in their documentation. Hidden, undocumented, surprising or deceitful functionalities are not allowed. | ||
|
|
||
| ### Principle of Minimal Permissions | ||
|
|
||
| Extensions must request only the minimal permissions necessary to perform their function. | ||
|
|
||
| ### No Privilege Escalation or Circumvention | ||
|
|
||
| Extensions must not use mechanisms to escalate or circumvent access controls. An extension should not grant a user any access privileges that are not already granted by the mStudio itself. They must strictly adhere to the security policies and permissions defined by the marketplace. | ||
|
|
||
| ### Defensive Approach to Modifications | ||
|
|
||
| When an extension accesses or modifies the contents of a user's hosting environment (e.g., web environment content, configurations), a defensive approach must be taken. If there is any doubt about the success or safety of an action, it must be aborted, and the user must be informed. For example: | ||
|
|
||
| - Inconsistencies in data. | ||
| - Risks to system integrity or availability. | ||
|
|
||
| The principle of "better safe than sorry" must always be followed. | ||
|
|
||
| ## Security Standards | ||
|
|
||
| ### Compliance with OWASP Top 10 | ||
|
|
||
| Contributors must ensure that their extensions comply with the recommendations of the OWASP Top 10, addressing risks such as injection attacks, authentication vulnerabilities, and insecure data transmission. | ||
|
|
||
| ### Mandatory Use of TLS | ||
|
|
||
| All data transmissions between the extension, the marketplace, and external services must be encrypted. TLS is mandatory and cannot be disabled under any circumstances. | ||
|
|
||
| ### Protection Against Cross-Site Scripting (XSS) | ||
|
|
||
| Extensions must be protected against Cross-Site Scripting (XSS) attacks. Input from users or other sources must be validated, filtered, and properly encoded before being processed or displayed. | ||
|
|
||
| ### Secure Handling of Tokens and Passwords | ||
|
|
||
| Tokens and passwords must be securely generated, using cryptographically secure random number generators. They must never be stored or transmitted in plain text. | ||
|
|
||
| ### Secure Storage of Secrets | ||
|
|
||
| All sensitive data (e.g., API keys, secrets, or credentials) must be securely stored using encrypted methods. Sensitive data must also be kept separate from executable code. | ||
|
|
||
| ## Use of External Resources | ||
|
|
||
| ### Trusted Sources | ||
|
|
||
| When using external libraries or software, they must come exclusively from trusted sources, such as official repositories or websites. Contributors must regularly check these dependencies for security updates and ensure they remain up to date. | ||
|
|
||
| ### Regular Updates and Maintenance | ||
|
|
||
| Extensions must be actively maintained to address evolving security challenges and compatibility with the marketplace environment. Contributors are required to: | ||
|
|
||
| - Provide timely security updates for identified vulnerabilities. | ||
| - Monitor dependencies and update external libraries or software components regularly to maintain security. | ||
| - Test updates thoroughly to avoid introducing new vulnerabilities or breaking existing functionality. | ||
| - Communicate changes clearly to users with a detailed changelog. | ||
|
|
||
| ## Development and Publication | ||
|
|
||
| ### Code Reviews | ||
|
|
||
| Before releasing an extension, its code must be thoroughly reviewed to ensure compliance with all security standards. | ||
|
|
||
| ### Testing | ||
|
|
||
| Extensions must be thoroughly tested to ensure they function as expected and do not expose any unforeseen vulnerabilities. | ||
|
|
||
| ## Consequences of Non-Compliance | ||
|
|
||
| Extensions that violate this security policy: | ||
|
|
||
| - Will be removed from the marketplace. | ||
| - May result in the contributor’s account being banned. | ||
| - Could lead to legal action, particularly in cases of intentional or grossly negligent harm to users. | ||
|
|
||
| By adhering to this policy, contributors and the marketplace work together to create a secure and trustworthy environment for all users. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| --- | ||
| title: Privacy and GDPR Policy for Extensions in the mStudio marketplace | ||
| sidebar_label: Privacy policy | ||
| --- | ||
|
|
||
| This privacy and GDPR policy establishes the requirements that contributors must follow to ensure compliance with data protection regulations, including GDPR, when developing and distributing extensions in the mStudio Marketplace. The goal is to protect user privacy and maintain transparency in data handling. | ||
|
|
||
| ## Data Deletion Policy | ||
|
|
||
| ### Deletion of Data on Uninstallation | ||
|
|
||
| When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes: | ||
|
|
||
| - User-generated data stored locally or remotely by the extension. | ||
| - Logs or backups created by the extension during its operation. | ||
|
|
||
| Extensions must ensure no residual data remains after uninstallation unless explicitly requested and approved by the user. | ||
|
|
||
| ### Secure Deletion Practices | ||
|
|
||
| All data deletion processes must ensure that the data is irretrievably removed, preventing any unauthorized recovery or misuse. Contributors should: | ||
|
|
||
| - Use secure deletion protocols for locally stored data. | ||
| - Ensure remote data deletion complies with server-side security standards, such as GDPR Article 17 ("Right to Erasure"). | ||
| - Verify and log the successful deletion of data where feasible. | ||
|
|
||
| ## Data Minimization | ||
|
|
||
| ### Collect Only Necessary Data | ||
|
|
||
| Extensions must collect only the data strictly necessary for their functionality. Special attention must be given when processing personal data: | ||
|
|
||
| - Avoid collecting sensitive personal data unless absolutely necessary. | ||
| - Implement clear documentation and safeguards for all collected data. | ||
|
|
||
| Contributors are responsible for ensuring that data minimization principles are integrated into their extension’s design and operation. | ||
|
|
||
| ### Justification for Data Collection | ||
|
|
||
| For every data point collected, contributors must: | ||
|
|
||
| - Clearly define the purpose of the collection. | ||
| - Document why the data is essential to the extension's functionality. | ||
| - Ensure that the collected data does not exceed what is necessary for the stated purpose. | ||
|
|
||
| This documentation should be available for audits and user inquiries to demonstrate compliance. | ||
|
|
||
| ## Data Processing Agreements | ||
|
|
||
| ### Agreements with Third-Party Services | ||
|
|
||
| If the extension relies on third-party services for data processing, contributors must ensure that: | ||
|
|
||
| - Data Processing Agreements (DPAs) are in place with all third-party providers. | ||
| - The agreements comply with GDPR and include provisions for secure processing and storage of data. | ||
| - The third parties adhere to GDPR-compliant practices. | ||
|
|
||
| Contributors must document and maintain these agreements as part of their responsibility. | ||
|
|
||
| ### Regular Review of Third-Party Compliance | ||
|
|
||
| Contributors must periodically review the compliance of third-party services to ensure: | ||
|
|
||
| - They are up to date with relevant data protection regulations. | ||
| - They have not introduced new risks or vulnerabilities. | ||
| - Any changes to their terms of service or practices are consistent with GDPR requirements. | ||
|
|
||
| This proactive approach minimizes the risk of non-compliance due to third-party failures. | ||
|
|
||
| ## Transparency in Data Processing | ||
|
|
||
| ### Inform Users About Data Usage | ||
|
|
||
| Extensions must provide clear and detailed information to users about any personal data being processed. This includes: | ||
|
|
||
| - A list of personal data collected and processed. | ||
| - The purpose of data collection. | ||
| - Where and how the data is stored. | ||
| - Details of third-party services involved in processing, if any. | ||
|
|
||
| This information must be easily accessible to users and included in the extension’s documentation or settings. | ||
|
|
||
| ### User Consent and Control | ||
|
|
||
| Extensions must ensure that users: | ||
|
|
||
| - Provide explicit consent before any personal data is collected or processed. | ||
| - Have the ability to review, modify, or delete their data easily. | ||
| - Can withdraw consent at any time without affecting the core functionality of the extension, unless such functionality relies on the specific data. | ||
|
|
||
| The process for obtaining consent and enabling user control must be straightforward and user-friendly. | ||
|
|
||
| ## Incident Response | ||
|
|
||
| In the event of a data breach or violation of GDPR requirements: | ||
|
|
||
| - The incident must be reported immediately to mittwald, the marketplace operator. | ||
| - Affected users must also be informed promptly about the breach, the scope of the impact, and any measures taken to mitigate the issue. | ||
|
|
||
| Contributors must have a clear protocol for identifying, documenting, and addressing data breaches to minimize harm and ensure compliance. | ||
|
|
||
| ## Consequences of Non-Compliance | ||
|
|
||
| Extensions that violate this privacy and GDPR policy: | ||
|
|
||
| - Will be removed from the marketplace. | ||
| - May result in the contributor’s account being banned. | ||
| - Could lead to legal action or regulatory penalties, especially in cases of intentional or negligent data handling practices. | ||
|
|
||
| By adhering to this policy, contributors help create a privacy-focused environment in the mStudio Marketplace, ensuring compliance with GDPR and fostering trust among users. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| label: Guidelines | ||
| link: | ||
| type: generated-index |