From 3e3bf19cc2786f6d2cff29fa2aa6e3c30ef04792 Mon Sep 17 00:00:00 2001 From: Wichtelmudder Date: Tue, 6 May 2025 13:29:03 +0200 Subject: [PATCH] docs: added a security policy --- SECURITY.md | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9e4e1e4 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,65 @@ +# Security Policy + +This document outlines the process for responsibly reporting security vulnerabilities in the **robotframework-PlatynUI** project. We value the security of our users and contributors, and we appreciate your efforts to help us maintain a secure project environment. + +## Scope + +This Security Policy applies to all publicly available code within the **robotframework-PlatynUI** repository. It covers vulnerabilities in: + +- The source code contained in this repository. +- Any documentation or website content hosted as part of the project. +- Dependencies and related tools that are part of the project distribution. + +## Reporting a Vulnerability + +If you believe you have identified a security vulnerability, please follow these steps: + +1. **Do Not Publicly Disclose the Vulnerability** + Please refrain from discussing, disclosing, or committing any details of the vulnerability publicly. We request that you keep this information confidential while we work to resolve the issue. + +2. **Submit Your Report** + Send a detailed report to the project maintainers by email at: + `testautomatisierung@imbus.de` + + Your report should include: + - A clear description of the vulnerability. + - Steps to reproduce the issue. + - The potential impact of the vulnerability. + - Any suggested fixes or additional information that can help us diagnose and resolve the issue. + +3. **Provide Necessary Context** + Include information about your testing environment, such as: + - Operating system, software version, and any other relevant dependencies. + - How the vulnerability was discovered or its potential triggers. + +## Vulnerability Response Process + +- **Acknowledgment:** + Upon receiving your report, the maintainers will acknowledge receipt within five business days. +- **Investigation:** + We will promptly investigate the report and strive to provide updates regarding the status and proposed fix as soon as practicable. 
+- **Resolution:** + Once the vulnerability is confirmed, a patch or appropriate remediation will be made available. +- **Disclosure:** + After resolution, a public disclosure may be issued to provide details of the vulnerability and instructions for upgrading, if necessary. We will work with you to ensure responsible disclosure practices are maintained. + +## Guidelines for Responsible Disclosure + +- **Cooperation:** + We appreciate your cooperation in providing us the necessary time to investigate and address the reported vulnerability. +- **Sensitivity:** + If you believe that your communication has been mishandled or require further discussion about the security details, please contact us at the provided email address. +- **Legal Considerations:** + By choosing to report in good faith, you agree to our use of this information to improve the security of the **robotframework-PlatynUI** project. We do not take any action that may compromise your confidentiality. + +## Exclusions + +This policy does not cover: +- Issues that are primarily aesthetic or minor bugs with no direct security impact. +- Vulnerabilities within third-party software unless integrated directly as a dependency in the project. + +## Final Note + +Your efforts are highly appreciated as they help to keep the project secure and protect our users. We thank you for your contribution and responsible approach in handling security matters. + +---
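Review bot: The "Vulnerability Response Process" section commits only to a five-business-day acknowledgment and gives no target for remediation or coordinated disclosure, so a reporter has no way to know when they may publish; consider adding a line such as `- **Disclosure timeline:** We aim to release a fix within 90 days of confirmation and will agree a publication date with the reporter.` Related gaps in the same hunk: the reporting channel is a plain `testautomatisierung@imbus.de` mailbox with no PGP key fingerprint or pointer to GitHub's private vulnerability reporting, so reproduction details travel unencrypted; there is no "Supported Versions" section saying which releases receive fixes; and the "Scope" bullet that covers "Dependencies and related tools" sits uneasily with the "Exclusions" bullet on third-party software, so it should say whether dependency issues are to be reported here or upstream. Minor wording: "committing any details of the vulnerability publicly" reads oddly and probably means "publishing", and the file ends with a bare `---` rule with nothing after it.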