Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 44 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# Security Policy for vue3-steppy | ||
|
||
## Commitment | ||
|
||
The `vue3-steppy` is committed to ensuring the security of everyone using it. The security of the project is of very importance and any contributions that improve the security of the application are welcome. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you believe you have found a security vulnerability in `vue3-steppy`, you are encouraged to create a report as soon as possible. All legitimate reports will be investigated to provide a quick fix. Please follow these guidelines when reporting a vulnerability: | ||
|
||
### How to Report a Security Vulnerability? | ||
|
||
- **Email**: Please send an email to the [owner](mailto:mkonstan.1998@gmail.com). | ||
- **GitHub Issue**: It's recommended not to report security vulnerabilities through GitHub issues as they are public. Please use the email address provided. | ||
|
||
### What to Include in Your Report? | ||
|
||
Please provide as much information as possible about the vulnerability, including: | ||
- A clear description of the issue. | ||
- Steps to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful). | ||
- Any potential impacts of the vulnerability. | ||
- Any suggestions for fixing the vulnerability. | ||
|
||
### What to Expect After You Report? | ||
|
||
- An acknowledge receipt of your report within 24 hours. | ||
- An initial assessment of the report within 3 business days. | ||
- Possible contact for further information if necessary. | ||
- Once the vulnerability is confirmed, a fix and release will be scheduled as quickly as feasible. | ||
- You will be informed about the progress. | ||
|
||
## Policy Updates | ||
|
||
This security policy may be updated from time to time. The most current version will always be posted on the GitHub repository. | ||
|
||
## Out-of-Scope Vulnerabilities | ||
|
||
Please note that the following issues are considered out of scope for the security vulnerability reporting: | ||
- Descriptive error messages (e.g., Stack Traces, application or server errors). | ||
- HTTP 404 codes/pages or other HTTP non-200 codes/pages. | ||
- Fingerprinting/banner disclosure on common/public services. | ||
- Disclosure of known public files or directories, (e.g., robots.txt). | ||
|
||
Your efforts are appreciated to responsibly disclose your findings and will make every effort to acknowledge your contributions. |
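
Review bot: The only private channel under "How to Report a Security Vulnerability?" is a single personal mailbox, with no fallback contact and no way to send a report encrypted, and that same mailbox is expected to meet the 24-hour acknowledgement promised under "What to Expect After You Report?". Consider enabling GitHub private vulnerability reporting for the repository and listing it beside the e-mail address, so reporters steered away from public issues have a second confidential route. The policy also says nothing about which versions receive fixes or how long a reporter should wait before disclosing publicly; short "Supported Versions" and disclosure-timing sections would close that gap. The "Out-of-Scope Vulnerabilities" list (stack traces, HTTP 404 pages, banner disclosure, robots.txt) reads like a template for a hosted web service, so check that each item applies to what `vue3-steppy` actually ships. Wording nits in the added lines: "of very importance", "An acknowledge receipt of your report", and the closing sentence, where "will make every effort to acknowledge your contributions" has no subject.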