Skip to content

Security: yef-marcano/t4-testing-app

Security

SECURITY.md

Security Policy for T4 App

Reporting Security Vulnerabilities

We take the security of our project seriously and appreciate any efforts to responsibly disclose vulnerabilities. If you discover any security vulnerabilities or potential threats in our T4 App, please report them to our security team by emailing security@t4stack.com. We request that you provide us with sufficient information to reproduce the vulnerability, including steps to replicate, affected versions, and any additional details that may be helpful for our investigation.

Scope

This security policy applies to all versions of T4 App hosted on the official repository on GitHub.

Response Time

Our security team will make every effort to respond to your report promptly. We aim to acknowledge receipt of your vulnerability report within 10 business days and will provide an estimated timeline for when you can expect a resolution. We appreciate your patience and understanding as we work to address the issue.

Disclosure Policy

Once a vulnerability has been identified and confirmed, we will work towards resolving the issue in a responsible and timely manner. Our policy is to disclose the vulnerability to the public after a fix has been developed and released to address the issue. We will coordinate with you to ensure that the disclosure is made in a coordinated manner to protect users of T4 App.

Fix and Patching Process

Our team will prioritize the reported vulnerabilities based on their severity and impact on the project. We will develop and test patches to address the vulnerabilities and release them as soon as possible. The timeline for patching may vary depending on the complexity of the vulnerability and the availability of our team members.

Acknowledgment

We value and appreciate the efforts of individuals who responsibly disclose vulnerabilities to us. If you report a vulnerability, we will acknowledge your contribution unless you request to remain anonymous. If you wish to be publicly acknowledged for your discovery, please let us know when submitting your report.

Best Practices

To ensure the overall security of T4 App, we encourage all users, contributors, and maintainers to adhere to the following best practices:

  • Regularly update to the latest stable version of T4 App to benefit from security fixes and improvements.
  • Avoid incorporating code from untrusted or insecure sources.
  • Utilize secure coding practices, such as input validation, output encoding, and proper error handling.
  • Employ strong and unique passwords for all accounts associated with T4 App.
  • Report any security vulnerabilities responsibly and in accordance with this policy.
  • By following these best practices, we can collectively enhance the security posture of T4 App.

Note: This security policy is subject to change without notice. Please refer to the latest version available on the official repository for any updates or modifications.

Disclaimer: T4 App is licensed under the Apache License, Version 2.0. As such, it is provided "as is" without warranties or conditions of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of T4 App is with you. In no event will the project contributors be liable for any damages resulting from the use of T4 App. Please review the full text of the Apache License, Version 2.0 for further details.

There aren’t any published security advisories