mirror of
https://github.com/DeveloLongScript/MHSF.git
synced 2026-05-07 18:24:58 -05:00
# Security Policy
This is the security notice for MHSF. The policy explains how vulnerabilities should be reported.

## Reporting a Vulnerability
If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. **Do not open a GitHub issue for a found vulnerability.**

Send details to either *a)* `support@mhsf.app` or *b)* GitHub Security (`Security` tab -> `Report a vulnerability`) including:

- the website, page or repository where the vulnerability can be observed
- a brief description of the vulnerability
- optionally the type of vulnerability and any related [OWASP category](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project)
- non-destructive exploitation details

We will do our best to reply as fast as possible.

## Scope
The following vulnerabilities are not in scope:

- volumetric vulnerabilities, for example overwhelming a service with a high volume of requests
- reports indicating that our services do not fully align with "best practice", for example missing security headers

If you aren't sure, you can still reach out via email or direct message.

---

This notice is inspired by the [Python Discord Security Notice](https://www.pythondiscord.com/pages/security-notice/).