mirror of
https://github.com/pocketpy/pocketpy
synced 2026-03-22 05:00:17 +00:00
Security policy added
This commit is contained in:
Baala-Murugan-K
parent
a3d69ae528
commit
d4e1361e18
38
security.md
38
security.md
@ -1,38 +0,0 @@
|
|||||||
# Security Policy
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
|
||||||
|
|
||||||
If you discover a security vulnerability in pocketpy, please report it responsibly.
|
|
||||||
|
|
||||||
Do NOT open a public GitHub issue for security-sensitive bugs.
|
|
||||||
|
|
||||||
Instead, report the issue privately by contacting the maintainers with:
|
|
||||||
|
|
||||||
- A clear description of the vulnerability
|
|
||||||
- Steps to reproduce the issue
|
|
||||||
- A minimal proof-of-concept (if possible)
|
|
||||||
- Environment details (OS, compiler, version, build flags)
|
|
||||||
|
|
||||||
Examples of security issues include:
|
|
||||||
|
|
||||||
- Heap-buffer-overflow
|
|
||||||
- Stack-buffer-overflow
|
|
||||||
- Use-after-free
|
|
||||||
- Out-of-bounds read/write
|
|
||||||
- Crashes triggered by crafted input
|
|
||||||
|
|
||||||
## Response Process
|
|
||||||
|
|
||||||
After receiving a report, maintainers may:
|
|
||||||
|
|
||||||
1. Confirm and reproduce the issue
|
|
||||||
2. Investigate and prepare a fix
|
|
||||||
3. Release a patched version
|
|
||||||
4. Publicly disclose the issue after it is resolved
|
|
||||||
|
|
||||||
Please allow reasonable time for investigation and remediation before public disclosure.
|
|
||||||
|
|
||||||
## Supported Versions
|
|
||||||
|
|
||||||
Security fixes are typically applied to the latest development version.
|
|
||||||
Older versions may not receive patches.
|
|
||||||
Loading…
x
Reference in New Issue
Block a user