mirror of
https://github.com/pocketpy/pocketpy
synced 2026-03-22 05:00:17 +00:00
Security policy added
This commit is contained in:
Baala-Murugan-K
parent
a3d69ae528
commit
d4e1361e18
38
security.md
38
security.md
@ -1,38 +0,0 @@
|
||||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security vulnerability in pocketpy, please report it responsibly.
|
||||
|
||||
Do NOT open a public GitHub issue for security-sensitive bugs.
|
||||
|
||||
Instead, report the issue privately by contacting the maintainers with:
|
||||
|
||||
- A clear description of the vulnerability
|
||||
- Steps to reproduce the issue
|
||||
- A minimal proof-of-concept (if possible)
|
||||
- Environment details (OS, compiler, version, build flags)
|
||||
|
||||
Examples of security issues include:
|
||||
|
||||
- Heap-buffer-overflow
|
||||
- Stack-buffer-overflow
|
||||
- Use-after-free
|
||||
- Out-of-bounds read/write
|
||||
- Crashes triggered by crafted input
|
||||
|
||||
## Response Process
|
||||
|
||||
After receiving a report, maintainers may:
|
||||
|
||||
1. Confirm and reproduce the issue
|
||||
2. Investigate and prepare a fix
|
||||
3. Release a patched version
|
||||
4. Publicly disclose the issue after it is resolved
|
||||
|
||||
Please allow reasonable time for investigation and remediation before public disclosure.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Security fixes are typically applied to the latest development version.
|
||||
Older versions may not receive patches.
|
||||
Loading…
x
Reference in New Issue
Block a user