Recidiviz/.githhub
Security Policy

Reporting a Vulnerability

We take the security of our project seriously. We appreciate your efforts to responsibly disclose vulnerabilities and we will make every effort to acknowledge your contributions.

If you believe you have found a security vulnerability in this project, please report it to us as soon as possible. We encourage you to use one of the following methods:

1. Private Vulnerability Reporting (Recommended)

For sensitive issues, the most secure way to report a vulnerability is to use GitHub's private vulnerability reporting feature. This allows you to privately report a vulnerability to the repository maintainers.

  • On the repository page, navigate to the Security tab.
  • Click Advisories and then New draft security advisory.
  • Fill out the form with details of the vulnerability.

This is the preferred method as it ensures the report is immediately private and only visible to project maintainers.

2. Direct Email

If private vulnerability reporting is not an option, you can send an email to security@recidiviz.org. Please include a detailed description of the vulnerability, including:

  • A clear and concise description of the vulnerability.
  • Steps to reproduce the vulnerability.
  • Any proof-of-concept code or exploits.
  • Potential impact of the vulnerability.

We kindly request that you do not publicly disclose the vulnerability until we have had a chance to address it. We will acknowledge your report within a few business days and will work with you to understand and fix the issue.


Supported Versions

To ensure a secure experience for all users, we provide security updates for specific versions of our software. We recommend that you always use the latest supported version.

The following table outlines which versions are currently receiving security support.

Version            | Support Status
-------------------|-----------------------
v2.x.x             | Actively supported
v1.x.x             | No longer supported
< older versions > | No longer supported

If you are using a version that is no longer supported, we highly recommend upgrading to a supported version to receive critical security patches.


Security Audit and Bounty Program

We are committed to continuous security improvement. We may periodically engage third-party security firms to conduct audits of our codebase.


Public Disclosure

Thank you for helping us keep this project secure.

About

Adds Security.md file to all public repositories