| Version | Supported |
|---|---|
| 1.0.0 | ✅ |
This document outlines the security policy for the FindIssues open source project that enables it's users to find most recent and un-assigned github issues with its advance search technique. The policy is intended to provide guidelines and procedures for reporting, triaging, and addressing security vulnerabilities in the project.
The security policy covers the codebase and documentation of the open source project.
The project will provide a dedicated email address rajanand9039@gmail.com for submitting vulnerability reports related to the FindIssues website or any of the linked websites. Vulnerability reports will be reviewed and triaged by the project's maintainers. The owner will aim to respond to vulnerability reports within 72 hours and will provide regular updates on the status of the vulnerability and any remediation efforts.
The maintainers are responsible for handling vulnerability reports and making decisions about how to address them. They will also work with contributors and external website owners to resolve the issue(s) as quickly as possible.
FindIssues will aim to resolve critical vulnerabilities within 30 days and non-critical vulnerabilities within 90 days. These deadlines may extend if additional time is needed to address the issue(s).
FindIssues will guide secure coding practices for contributors, including guidelines for input validation, authentication, authorization, and data protection.
The security policy will be regularly reviewed and updated to ensure that it remains effective and relevant. The maintainers will evaluate the vulnerability disclosure process, update secure coding guidelines, and revise the response timeline as needed.
FindIssues will follow a coordinated disclosure policy, which means that vulnerabilities will be disclosed publicly only after they have been remediated. The project may work with external website owners to coordinate the disclosure of vulnerabilities that affect their websites.
The security policy includes a legal disclaimer that limits the liability of the project maintainers and contributors for any security vulnerabilities or incidents that occur as a result of using FindIssues's website or any of the linked sources.
If you have any questions or concerns about the security policy or any security vulnerabilities in the project, please contact us at rajanand9039@gmail.com.
By implementing this security policy, we aim to ensure that vulnerabilities are addressed promptly and that users and contributors can use FindIssues and its linked sources safely and securely.