Skip to content

Security: Vivancedata/learn

Security

SECURITY.md

Security Policy

VivanceData takes the security of our software and services seriously. This security policy outlines how we handle vulnerabilities and what you can expect when reporting security issues.

Reporting a Vulnerability

If you believe you've found a security vulnerability in any VivanceData-owned repository, please report it to us through the following channels:

Email: security@vivancedata.com

Subject line: [Security] Brief description of the issue

Please include the following information in your report:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

Response Process

When you report a vulnerability to VivanceData:

  1. We will acknowledge receipt of your vulnerability report within 48 hours.
  2. Our security team will investigate and validate the issue.
  3. We will provide regular updates about our progress.
  4. Once the issue is resolved, we will notify you and recognize your contribution (if desired).

Disclosure Policy

  • VivanceData follows a coordinated disclosure model.
  • We request that you do not publicly disclose the vulnerability until we have released a fix.
  • We aim to resolve critical vulnerabilities within 30 days of verification.
  • After the vulnerability has been fixed, we will publish a security advisory through GitHub's security advisory feature.

Supported Versions

Version Supported
2.x.x
1.x.x
< 1.0

Only the latest minor release of each major version will receive security updates.

Security Best Practices for Our Projects

When using VivanceData projects, we recommend the following security best practices:

  1. Keep dependencies up to date with the latest security patches
  2. Use the latest stable version of our software
  3. Follow security guidelines provided in project documentation
  4. Implement proper authentication and authorization in your implementations
  5. Regularly audit your own code that integrates with our products

Security Measures

VivanceData implements the following security measures in our development process:

  • Regular security audits and dependency scanning
  • Static code analysis for common vulnerabilities
  • CI/CD pipeline with security checks
  • Peer code review for all changes
  • Regular security training for our development team

Thank you for helping us keep VivanceData and our users secure!

There aren’t any published security advisories