From e82992e2d29cf495d59d07fbb88bcef48283f350 Mon Sep 17 00:00:00 2001 From: multiverseweb Date: Mon, 18 Nov 2024 19:13:30 +0530 Subject: [PATCH] added security.md --- SECURITY.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..32eebb2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,39 @@ +# Dataverse's Security Policies and Procedures + +This document outlines security procedures and general policies for the +Dataverse project. + +- [Reporting a Vulnerability](#reporting-a-vulnerability) +- [Disclosure Policy](#disclosure-policy) + +## Reporting a Vulnerability + +The Dataverse team and community takes all security vulnerabilities +seriously. Thank you for improving the security of our open source +software. We appreciate your efforts and responsible disclosure and will +make every effort to acknowledge your contributions. + +Report security vulnerabilities by emailing the Dataverse team at: + +``` +multiverse.letter@gmail.com +``` + +The lead maintainer will acknowledge your email within 24 hours and will +send a more detailed response within 48 hours indicating the next steps in +handling your report. After the initial reply to your report, the security +team will endeavor to keep you informed of the progress towards a fix and +full announcement, and may ask for additional information or guidance. + +Report security vulnerabilities in third-party modules to the person or +team maintaining the module. + +## Disclosure Policy + +When the security team receives a security bug report, they will assign it +to a primary handler. This person will coordinate the fix and release +process, involving the following steps: + + * Confirm the problem. + * Audit code to find any potential similar problems. + * Prepare fixes and release them as fast as possible. \ No newline at end of file