mirror of
https://github.com/opelly27/WinStudentGoalTracker.git
synced 2026-05-20 00:38:44 +00:00
Create SECURITY.md
This commit is contained in:
+36
@@ -0,0 +1,36 @@
# Security Policy
## Reporting a Vulnerability
If you discover a security issue, please report it **privately**.
Email: rrosado6@gatech.edu
Subject: SECURITY: <short description>
Include:
- Description of the issue and impact
- Steps to reproduce (POC if available)
- Affected components
- Screenshots or logs (if helpful)
Do not open public issues for security vulnerabilities.
## Response Timeline
- Acknowledgement within 2 business days
- Triage and severity assessment within 5 business days
- Fix or mitigation as soon as practical based on severity
## Responsible Disclosure
We support responsible security research conducted in good faith.
Please avoid service disruption, data exfiltration beyond proof-of-concept, or privacy violations.
Public disclosure should occur only after a fix or mitigation is available.
## Security Expectations
- Enforce server-side authorization (RBAC)
- Protect sensitive data in transit (TLS)
- Log and audit critical actions
- Review code before merging
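Review bot: the private reporting channel given under `Email: rrosado6@gatech.edu` offers no way to encrypt a report, yet the `Include:` list asks for a POC, screenshots and logs; publish a PGP key (or at least its fingerprint) beside the address, or point reporters at GitHub's private vulnerability reporting for this repository, so that proof-of-concept details do not travel in cleartext email. Two smaller points: the `## Responsible Disclosure` section sets no upper bound on the embargo ("only after a fix or mitigation is available"), so state a coordinated-disclosure window after which the reporter may publish regardless; and the file has no `## Supported Versions` section saying which branches or releases receive fixes, which the common SECURITY.md template includes and which the `## Response Timeline` commitments implicitly depend on.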