Security: hockyy/miteiru

Security Policy

Supported Versions

We only provide security support for the latest released version of Miteiru (見ている). Versions below the latest release are not supported and will not receive security updates or patches.

Note: Users running unsupported versions are strongly encouraged to upgrade to the latest stable release to ensure they receive the most recent security updates and features.

Reporting a Vulnerability

Your security is important to us. If you discover a security vulnerability in Miteiru (見ている), please follow these guidelines to report it responsibly:

1. Assess the Severity

  • Major Vulnerabilities: Issues that could be exploited in a way that poses significant risk to users or the integrity of the application.
  • Non-Major Vulnerabilities: Issues that are unlikely to be exploited or pose minimal risk.

2. Preferred Reporting Method

  • For Major Vulnerabilities:
    • Report Privately: Please report major vulnerabilities privately to ensure they are addressed promptly and do not pose ongoing risks.
    • Email: its@hocky.id
  • For Non-Major Vulnerabilities:
    • Optional Public Disclosure: If you believe the vulnerability is not major and cannot be exploited in a dangerous manner, you may choose to disclose it publicly. However, we strongly encourage you to follow the private reporting method to maintain the security and trust of our community.

3. Provide Necessary Details

When reporting a vulnerability, please include the following information:

  • Description: A detailed description of the vulnerability.
  • Affected Versions: Specify the version(s) of Miteiru (見ている) impacted.
  • Reproduction Steps: Step-by-step instructions to reproduce the issue.
  • Evidence: Any relevant logs, screenshots, or other evidence that can help in diagnosing the issue.

4. Response Time

  • Acknowledgment: You will receive an acknowledgment of your report within 48 hours.
  • Resolution Timeline: Upon confirmation, we aim to release a patch as soon as possible, typically within a few weeks, depending on the complexity of the vulnerability.

Our Commitment

  • Prompt Acknowledgment: We acknowledge receipt of vulnerability reports and commit to addressing them diligently.
  • Confidentiality: All vulnerability reports will be handled with the utmost confidentiality. We will not disclose your identity or any sensitive information without your explicit permission.
  • Transparency: Once a vulnerability is addressed, we will transparently communicate the fix to our users and community members.

Additional Guidelines

  • Responsible Disclosure: Please refrain from disclosing the vulnerability publicly until a patch has been released, unless you have received explicit permission from the maintainers.
  • Respect: Engage respectfully and constructively when reporting vulnerabilities. We value your contribution to making Miteiru (見ている) secure and robust.

Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining the consequences for any actions they deem in violation of this Security Policy:

1. Correction

Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.

Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.

2. Warning

Community Impact: A violation through a single incident or series of actions.

Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Security Policy, for a specified period of time. Violating these terms may lead to a temporary or permanent ban.

3. Temporary Ban

Community Impact: A serious violation of community standards, including sustained inappropriate behavior.

Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Security Policy, is allowed during this period. Violating these terms may lead to a permanent ban.

4. Permanent Ban

Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.

Consequence: A permanent ban from any sort of public interaction within the community.

Attribution

This Security Policy is inspired by best practices in the open-source community and tailored specifically for the Miteiru (見ている) project.

There aren’t any published security advisories