SECURITY.md

Security Policy

Supported Versions

Use this section to tell people which versions of your project are currently supported with security updates.

Version Supported
latest
< latest

Reporting a Vulnerability

How to Report

If you discover a security vulnerability within this project, please report it by sending an email to security-eipm@med.cornell.edu. Do not create a GitHub issue for security vulnerabilities.

What to include

In your report, please include:

  • A description of the vulnerability.
  • Steps to reproduce the issue.
  • Any relevant logs or screenshots.

Expectations

After submitting a vulnerability report, you can expect:

  1. An acknowledgment of receipt of the report within 48 hours.
  2. A detailed plan for mitigating the vulnerability.
  3. Updates on the progress of the mitigation.

Disclosure Policy

When a security vulnerability is reported, this project follows this disclosure policy:

  1. The project maintainers will confirm the vulnerability and determine its severity.
  2. A security advisory will be opened on GitHub to discuss and fix the issue.
  3. Once a fix is implemented and tested, a new release will be published.
  4. The security advisory will be closed, and details about the vulnerability as well as the mitigation will be disclosed.

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request.