This project is a personal portfolio website. Security updates are applied to the latest version only.

| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |

If you discover a security vulnerability in this portfolio website, please report it responsibly:
- Email: DeviScript@gmail.com
- Subject: [SECURITY] Vulnerability Report - Portfolio Website
Please include the following information in your report:
- Description: Clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact: Potential impact and severity
- Proof of Concept: If applicable, include a PoC (please be responsible)
- Suggested Fix: If you have ideas for a fix, please share them
You can expect the following response times:
- Initial Response: Within 48 hours
- Status Update: Within 1 week
- Resolution: Depending on severity, typically within 2-4 weeks
Please follow responsible disclosure practices:
- Do not publicly disclose the vulnerability until it has been addressed
- Do not access, modify, or delete data that is not your own
- Do not perform any actions that could harm the website or its users
- Do not use automated tools that generate excessive traffic
If you responsibly report a valid security vulnerability:
- Your contribution will be acknowledged (with your permission)
- You will be credited in the security acknowledgments
- I will work with you to ensure proper resolution
This website implements several security best practices:
- Content Security Policy (CSP): Implemented via Next.js
- HTTPS Only: All connections secured
- XSS Protection: React's built-in XSS protection
- Secure Headers: Set via Next.js configuration
- Regular Updates: Dependencies are regularly updated
- Vulnerability Scanning: Automated security checks
- Minimal Attack Surface: Only necessary dependencies included
- Environment Variables: Sensitive data properly managed
- Secure Deployment: Following platform security best practices
- Access Controls: Proper authentication and authorization
The following types of vulnerability are in scope:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Injection attacks
- Sensitive data exposure
- Insecure dependencies
The following are typically not considered security vulnerabilities for this portfolio website:
- Missing security headers on non-sensitive pages
- Social engineering attacks
- Physical access to devices
- Issues requiring user interaction with malicious content
I am committed to working with security researchers and the community to maintain the security of this website. Your responsible disclosure helps make the web safer for everyone.
For urgent security matters that require immediate attention:
- Email: DeviScript@gmail.com (mark as URGENT SECURITY)
Thank you for helping keep this portfolio website secure!