Skip to content

Latest commit

 

History

History
49 lines (33 loc) · 2.06 KB

SECURITY.md

File metadata and controls

49 lines (33 loc) · 2.06 KB

Security Policy

Supported Versions

We actively maintain the following versions of the python-amazon-sp-api library. Security updates will be provided for these versions:

Version Supported
1.x.x
0.x.x

Reporting a Vulnerability

If you discover a security vulnerability in this project, we appreciate your responsible disclosure. Please follow the steps below to report it:

  1. Slack
    Send a detailed report to Michael or saleweaver in the slack channel. An invite to the channel is available in the readme. Please include the following in your email:

    • A description of the vulnerability.
    • Steps to reproduce the issue.
    • Any potential impact it may have.
    • Your recommendations for fixing the vulnerability (if applicable).
  2. Do Not Publicly Disclose
    Please do not publicly disclose any vulnerabilities until we have had an opportunity to investigate and issue a fix.

  3. Acknowledgment
    We will acknowledge receipt of your report within 48 hours and provide an estimated timeline for resolution. Once the vulnerability has been resolved, we will notify you before publishing any fixes.

Vulnerability Handling Process

Upon receiving a security vulnerability report, we will:

  1. Investigate the report and verify the vulnerability.
  2. Develop a fix or workaround.
  3. Release a patch in a timely manner.
  4. Credit the reporter (if applicable and desired) in the release notes.

Security Best Practices

We encourage users of python-amazon-sp-api to follow these best practices to protect their systems:

  • Keep your environment and dependencies up to date.
  • Use secure authentication methods when accessing the Amazon SP-API.
  • Avoid hardcoding credentials in your source code or version control.
  • Regularly review and audit your usage of this library for security concerns.

Thank You

We value the efforts of the security community in helping keep this project safe and secure for everyone.