mirror of
https://github.com/opelly27/WinStudentGoalTracker.git
synced 2026-05-20 00:38:44 +00:00
Create SECURITY.md
This commit is contained in:
raulsagrado
+36
@@ -0,0 +1,36 @@
|
||||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security issue, please report it **privately**.
|
||||
|
||||
Email: rrosado6@gatech.edu
|
||||
Subject: SECURITY: <short description>
|
||||
|
||||
Include:
|
||||
- Description of the issue and impact
|
||||
- Steps to reproduce (POC if available)
|
||||
- Affected components
|
||||
- Screenshots or logs (if helpful)
|
||||
|
||||
Do not open public issues for security vulnerabilities.
|
||||
|
||||
## Response Timeline
|
||||
|
||||
- Acknowledgement within 2 business days
|
||||
- Triage and severity assessment within 5 business days
|
||||
- Fix or mitigation as soon as practical based on severity
|
||||
|
||||
## Responsible Disclosure
|
||||
|
||||
We support responsible security research conducted in good faith.
|
||||
Please avoid service disruption, data exfiltration beyond proof-of-concept, or privacy violations.
|
||||
|
||||
Public disclosure should occur only after a fix or mitigation is available.
|
||||
|
||||
## Security Expectations
|
||||
|
||||
- Enforce server-side authorization (RBAC)
|
||||
- Protect sensitive data in transit (TLS)
|
||||
- Log and audit critical actions
|
||||
- Review code before merging
|
||||
Reference in New Issue
Block a user