Inicio Explorar Axuda
Iniciar sesión
logic855
/
claude-mods
réplica de https://github.com/0xDarkMatter/claude-mods.git
1
0
Fork 0
Ficheiros Incidencias 0 Wiki
Rama: main
Ramas Etiquetas
claude-mods
/
skills
/
github-ops
/
assets
/
SECURITY.md.template

SECURITY.md.template 2.6 KB
Permalink Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. # Security Policy
    2. 

  2. 

  3. We take the security of this project seriously. Thank you for taking the time
    4. 

  4. to responsibly disclose any issues you find.
    5. 

  5. 

  6. ## Supported Versions
    7. 

  7. 

  8. Security updates are applied to the versions below. If you are running an
    9. 

  9. unsupported version, please upgrade before reporting.
    10. 

  10. 

  11. | Version | Supported          |
    12. 

  12. | ------- | ------------------ |
    13. 

  13. | latest  | :white_check_mark: |
    14. 

  14. | < latest| :x:                |
    15. 

  15. 

  16. > Adapt this table to your project's actual release line (e.g. `1.x`, `0.9.x`).
    17. 

  17. 

  18. ## Reporting a Vulnerability
    19. 

  19. 

  20. **Please do not report security vulnerabilities through public GitHub issues,
    21. 

  21. discussions, or pull requests.** Public disclosure before a fix is available
    22. 

  22. puts every user at risk.
    23. 

  23. 

  24. Instead, report privately using **GitHub's private vulnerability reporting**:
    25. 

  25. 

  26. 1. Go to the **Security** tab of this repository.
    27. 

  27. 2. Click **Report a vulnerability** (under *Advisories*).
    28. 

  28. 3. Fill in the form with the details below.
    29. 

  29. 

  30. If private vulnerability reporting is not available, email
    31. 

  31. **<security@example.com>** *(replace with your security contact)* instead.
    32. 

  32. 

  33. Please include:
    34. 

  34. 

  35. - A description of the vulnerability and its potential impact.
    36. 

  36. - Steps to reproduce (proof-of-concept, affected versions, configuration).
    37. 

  37. - Any known mitigations or workarounds.
    38. 

  38. 

  39. ## What to Expect
    40. 

  40. 

  41. | Stage                | Target                                            |
    42. 

  42. | -------------------- | ------------------------------------------------- |
    43. 

  43. | Acknowledgement      | within **3 business days** of your report         |
    44. 

  44. | Initial assessment   | within **7 business days**                        |
    45. 

  45. | Fix / status update  | we will keep you informed at least **every 14 days** until resolved |
    46. 

  46. | Public disclosure    | coordinated with you, typically after a fix ships |
    47. 

  47. 

  48. We will credit you in the advisory unless you ask to remain anonymous.
    49. 

  49. 

  50. ## Scope
    51. 

  51. 

  52. In scope:
    53. 

  53. 

  54. - The code in this repository and its official release artefacts.
    55. 

  55. - Supported versions listed above.
    56. 

  56. 

  57. Out of scope (typically):
    58. 

  58. 

  59. - Vulnerabilities in third-party dependencies — report those upstream, though
    60. 

  60.   we appreciate a heads-up so we can bump the dependency.
    61. 

  61. - Issues requiring physical access, social engineering, or a compromised
    62. 

  62.   developer machine.
    63. 

  63. - Denial of service from unrealistic resource exhaustion.
    64. 

  64. 

  65. ## Safe Harbor
    66. 

  66. 

  67. We will not pursue legal action against researchers who:
    68. 

  68. 

  69. - Make a good-faith effort to avoid privacy violations and service disruption.
    70. 

  70. - Report promptly and do not exploit the issue beyond what is needed to prove it.
    71. 

  71. - Do not disclose the issue publicly before a coordinated fix.
    72. 

  72. 

  73. Thank you for helping keep this project and its users safe.
    74.