Create SECURITY.md

dvelo 2025-03-12 23:00:47 -05:00 committed by GitHub
parent 695bf0fbee
commit fbd98a0616
GPG Key ID: B5690EEEBB952194

SECURITY.md Normal file

@ -0,0 +1,26 @@
# Security Policy
This is the security notice for MHSF. The policy explains how vulnerabilities should be reported.
## Reporting a Vulnerability
If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. **Do not open a GitHub issue for a found vulnerability.**
Send details to either *a)* `support@mhsf.app` or *b)* GitHub Security (`Security` tab -> `Report a vulnerability`) including:
- the website, page or repository where the vulnerability can be observed
- a brief description of the vulnerability
- optionally the type of vulnerability and any related [OWASP category](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project)
- non-destructive exploitation details
We will do our best to reply as fast as possible.
## Scope
The following vulnerabilities are not in scope:
- volumetric vulnerabilities, for example overwhelming a service with a high volume of requests
- reports indicating that our services do not fully align with "best practice", for example missing security headers
If you aren't sure, you can still reach out via email or direct message.
---
This notice is inspired by the [Python Discord Security Notice](https://www.pythondiscord.com/pages/security-notice/).
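Review bot: the reporting section gives no expected acknowledgement window or coordinated-disclosure period beyond "We will do our best to reply as fast as possible.", so a reporter has no way to know when they may publish; suggest adding a concrete acknowledgement target (e.g. "within N business days") and a disclosure timeline. The Scope section lists only what is out of scope and never names the in-scope assets (the website, the repository, the `support@mhsf.app` domain), which the "If you aren't sure" line relies on; consider listing them. Also, the OWASP link points at the `OWASP_Top_Ten_2017_Project` page, so it would be worth linking the current Top Ten edition instead.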