|
8 | 8 |
|
9 | 9 | ## Reporting a Vulnerability |
10 | 10 |
|
11 | | -We take the security of Code Review Guardian seriously. If you believe you have found a security vulnerability, please report it to us as described below. |
| 11 | +We take the security of CodeReviewGuardian seriously. If you believe you have found a security vulnerability, please report it privately: |
12 | 12 |
|
13 | | -### How to Report |
| 13 | +- **Email**: hectorfranco@nowo.tech |
| 14 | +- **Do not** open a public GitHub issue for security-sensitive bugs. |
14 | 15 |
|
15 | | -**Please do not report security vulnerabilities through public GitHub issues.** |
| 16 | +Please include: |
16 | 17 |
|
17 | | -Instead, please send an email to: **hectorfranco@nowo.tech** |
| 18 | +- Type of issue (e.g., injection, XSS, auth bypass, deserialization risk, etc.) |
| 19 | +- Affected file(s) and version/tag/commit |
| 20 | +- Steps to reproduce |
| 21 | +- Impact assessment |
| 22 | +- PoC (if available) |
18 | 23 |
|
19 | | -Include the following information in your report: |
| 24 | +## Response Timeline |
20 | 25 |
|
21 | | -- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.) |
22 | | -- Full paths of source file(s) related to the issue |
23 | | -- The location of the affected source code (tag/branch/commit or direct URL) |
24 | | -- Any special configuration required to reproduce the issue |
25 | | -- Step-by-step instructions to reproduce the issue |
26 | | -- Proof-of-concept or exploit code (if possible) |
27 | | -- Impact of the issue, including how an attacker might exploit it |
| 26 | +- Initial acknowledgment: within 48 hours |
| 27 | +- Follow-up status: within 7 days |
| 28 | +- Resolution: depends on complexity and impact |
28 | 29 |
|
29 | | -### Response Timeline |
30 | | - |
31 | | -- **Initial Response**: Within 48 hours |
32 | | -- **Status Update**: Within 7 days |
33 | | -- **Resolution**: Varies depending on complexity |
34 | | - |
35 | | -### Disclosure Policy |
36 | | - |
37 | | -- We will confirm receipt of your vulnerability report |
38 | | -- We will work with you to understand and validate the issue |
39 | | -- We will develop and release a fix as quickly as possible |
40 | | -- We will publicly acknowledge your responsible disclosure (if desired) |
41 | | - |
42 | | -## Preferred Languages |
43 | | - |
44 | | -We prefer all communications to be in English or Spanish. |
45 | | - |
46 | | -## Contact |
47 | | - |
48 | | -- **Maintainer**: [Héctor Franco Aceituno](https://github.com/HecFranco) |
49 | | -- **Organization**: [nowo-tech](https://github.com/nowo-tech) |
| 30 | +## Disclosure Policy |
50 | 31 |
|
| 32 | +- We confirm receipt and validate the report. |
| 33 | +- We prepare and publish a fix as soon as possible. |
| 34 | +- We coordinate disclosure with the reporter. |
| 35 | +- We credit responsible disclosure (unless anonymity is requested). |
0 commit comments