- Supported Versions
- Reporting security problems to sixcolors
- Security Point of Contact
- Incident Response Process
The table below shows the supported versions for Maintainer which include security updates.
| Version | Supported |
|---|---|
| >= 0.1.0 | ✅ |
DO NOT CREATE AN ISSUE to report a security problem. Instead, please
send us an e-mail at sixcolors@mac.com.
The security point of contact is sixcolors. sixcolors responds to security incident reports as fast as possible, within one business day at the latest.
In case an incident is discovered or reported, we will follow the following process to contain, respond and remediate:
The first step is to find out the root cause, nature and scope of the incident.
- Is still ongoing? If yes, first priority is to stop it.
- Is the incident outside of our influence? If yes, first priority is to contain it.
- Find out knows about the incident and who is affected.
- Find out what data was potentially exposed.
After the initial assessment and containment to our best abilities, we will document all actions taken in a response plan.
Once the incident is confirmed to be resolved, we will summarize the lessons learned from the incident and create a list of actions we will take to prevent it from happening again.
The sixcolors/upfwd requires 2FA authorization for all of it's maintainers.
We learn about critical software updates and security threats from these sources
- GitHub Security Alerts
- GitHub: https://status.github.com/ & @githubstatus