| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Reporting a Vulnerability |
| 4 | + |
| 5 | +We take the security of our project seriously. If you discover a vulnerability, we encourage you to report it responsibly so we can address it promptly. |
| 6 | + |
| 7 | +### How to Report |
| 8 | + |
| 9 | +1. Navigate to the **Security** tab of this repository. |
| 10 | +2. Click on **"Report a Vulnerability"** to open the GitHub Security Advisories form. |
| 11 | +3. Fill out the form with as much detail as possible, including: |
| 12 | + - A clear description of the issue. |
| 13 | + - Steps to reproduce the vulnerability. |
| 14 | + - The affected versions or components. |
| 15 | + - Any potential impact or severity details. |
| 16 | + |
| 17 | +Alternatively, you can send an email to **[security@lambdaclass.com](mailto:security@lambdaclass.com)** with the same details. |
| 18 | + |
| 19 | +### Guidelines for Reporting |
| 20 | + |
| 21 | +- **Do not publicly disclose vulnerabilities** until we have confirmed and fixed the issue. |
| 22 | +- Include any proof-of-concept code, if possible, to help us verify the vulnerability more efficiently. |
| 23 | +- If applicable, specify if the vulnerability is already being exploited. |
| 24 | + |
| 25 | +### Our Response Process |
| 26 | + |
| 27 | +- We commit to handling reports with diligence. |
| 28 | +- We will investigate all reported vulnerabilities thoroughly and transparently. |
| 29 | +- Once the vulnerability has been fixed, we will disclose the details publicly to ensure awareness and understanding. |
| 30 | + |
| 31 | + |
| 32 | +### Reward Program |
| 33 | + |
| 34 | +While we do not currently offer a formal bug bounty program, we value your contribution and will recognize your efforts in our changelog or release notes (if you consent). |
| 35 | + |
| 36 | +Thank you for helping us improve the security of our project! |
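Review bot: The "Our Response Process" section (new lines 27-29) gives a reporter no timeframe to rely on. "We commit to handling reports with diligence" does not say when a report will be acknowledged or how long the embargo requested on line 21 is expected to last. Suggest stating an acknowledgement window and a target for fix and disclosure, so the "do not publicly disclose" request has a bounded counterpart. Two smaller points: the email fallback on line 17 has no encrypted option, and line 22 asks for proof-of-concept code, so either publish a key for that address or state that the advisory form is preferred for sensitive details. Step 2 on line 10 also depends on the "Report a Vulnerability" button being present, so confirm private vulnerability reporting is enabled for the repository before merging. Lines 30-31 leave a double blank line before "### Reward Program"; drop one.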