Security: sebastienrousseau/shokunin

.github/SECURITY.md

Security

We take the security of our software products and services seriously, including all source code managed through our GitHub repositories.

Contact Information

To report a security vulnerability, please use the following email address: [email protected].

We accept reports in the following languages: English or French.

Reporting Security Issues

When reporting a security issue, please include as much of the following information as possible to help us understand the nature and scope of the possible issue:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it

This information will help us triage your report more quickly.

Response Time

We aim to acknowledge receipt of your vulnerability report within 48 hours and will strive to keep you informed of the progress we're making toward resolving the issue.

Disclosure Policy

Once we've resolved a reported security issue, we may disclose it publicly. We will coordinate the disclosure with the person who reported the issue to ensure that they are credited for their discovery.

Acknowledgments

We will publicly thank security researchers who follow this responsible disclosure policy, recognizing their contributions in our 'Hall of Fame' or 'Thank You' page.

Safe Harbour

We promise not to initiate legal action against researchers for disclosing vulnerabilities as long as they adhere to responsible disclosure guidelines, which include reporting the issue to us and not publicly disclosing it until we've had a reasonable time to address it.

There aren’t any published security advisories