Skip to content

Latest commit

 

History

History
43 lines (22 loc) · 2.88 KB

SECURITY.md

File metadata and controls

43 lines (22 loc) · 2.88 KB

Security Policy

Introduction

This document outlines the security policy for the LinksHub open source project that provides links to websites for courses across the internet. The policy is intended to provide guidelines and procedures for reporting, triaging, and addressing security vulnerabilities in the project.

Scope

The security policy covers the codebase and documentation of the open source project, as well as the external links to websites for courses.

Vulnerability Disclosure Process

The project will provide a dedicated email address ([email protected]) for submitting vulnerability reports related to the LinksHub website or any of the linked websites. Vulnerability reports will be reviewed and triaged by the project's maintainers. The owner will aim to respond to vulnerability reports within 72 hours and will provide regular updates on the status of the vulnerability and any remediation efforts.

Roles and Responsibilities

The maintainers are responsible for handling vulnerability reports and making decisions about how to address them. They will also work with contributors and external website owners to resolve the issue(s) as quickly as possible.

Response Timeline

LinksHub will aim to resolve critical vulnerabilities within 30 days and non-critical vulnerabilities within 90 days. These deadlines may extend if additional time is needed to address the issue(s).

Secure Coding Practices

LinksHub will guide secure coding practices for contributors, including guidelines for input validation, authentication, authorization, and data protection.

Regular Review and Update

The security policy will be regularly reviewed and updated to ensure that it remains effective and relevant. The maintainers will evaluate the vulnerability disclosure process, update secure coding guidelines, and revise the response timeline as needed.

Disclosure Policy

LinksHub will follow a coordinated disclosure policy, which means that vulnerabilities will be disclosed publicly only after they have been remediated. The project may work with external website owners to coordinate the disclosure of vulnerabilities that affect their websites.

Legal Disclaimer

The security policy includes a legal disclaimer that limits the liability of the project maintainers and contributors for any security vulnerabilities or incidents that occur as a result of usingLinksHub's website or any of the linked sources.

Contact Information

If you have any questions or concerns about the security policy or any security vulnerabilities in the project, please contact us at [email protected].

By implementing this security policy, we aim to ensure that vulnerabilities are addressed promptly and that users and contributors can use Linkshub and its linked sources safely and securely.