Skip to content

Security: TanvirOnGH/flex

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

If you believe you have found a security vulnerability in [Your Project Name], we encourage you to report it to us responsibly. Please follow these guidelines:

  • Do not publicly disclose the vulnerability until we've had a chance to address it.
  • Do not exploit the vulnerability for malicious purposes.
  • Submit your findings to our security team by creating a new issue with the label "security".

Disclosure Process

When you report a security vulnerability, we will:

  • Acknowledge your report within a specified timeframe.
  • Work with you to understand the issue and its impact.
  • Keep you informed about the progress and resolution of the issue.
  • Credit you for your responsible disclosure (if desired).

Scope

We're interested in vulnerabilities that directly affect the security of [Your Project Name]. This may include, but is not limited to:

  • Remote code execution
  • SQL injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Authentication or authorization vulnerabilities
  • Server or application misconfigurations that could lead to security issues

Out of Scope

Please note that we are not interested in vulnerabilities that are not related to the security of the project, including:

  • Social engineering attacks
  • Denial of service (DoS) vulnerabilities
  • Vulnerabilities in dependencies or third-party services

Rewards

To show our appreciation for responsible disclosure, we may offer rewards through our Bug Bounty program. The rewards will be determined based on the severity and impact of the vulnerability.

We appreciate your help in keeping [Your Project Name] secure. Thank you for contributing to the safety and integrity of our project and its community.

There aren’t any published security advisories