
Security: PyCeas/Pyceas

SECURITY.md

Security Policy

Supported Versions


Current Development Status

This project is currently in active development, and we have not yet released an official version.

  • All updates, including bug fixes and security patches, are applied to the latest codebase in the default branch (main).
  • Once a version system is introduced, supported versions will be documented here.

Reporting a Vulnerability

If you discover a security vulnerability, we encourage you to report it responsibly. Here's how:

  1. Email us directly: We use ProtonMail, a secure, privacy-focused email provider, to handle all security communications. Your messages are encrypted in transit for added privacy. Send a detailed report to our security team at [email protected].

    What to include:

    • A clear description of the vulnerability.
    • Steps to reproduce the issue.
    • Any relevant information (e.g., logs, screenshots, or code snippets).
  2. Use GitHub Security Advisories: If you prefer not to use email, you can report vulnerabilities privately through GitHub's built-in Security Advisories.

Optional: For extra privacy, you may encrypt your email using our public PGP key. Download PGP key


Including Visual Proof (Optional)

If possible, include a GIF or short video to visually demonstrate the vulnerability. This can help us quickly understand and address the issue.

Recommended Tools:

  • LICEcap: Free tool for creating GIFs on Windows and macOS.
  • Peek: A Linux-friendly alternative.

Tip: When creating a GIF, make sure to capture clear steps showing the issue. Limit sensitive data (e.g., API keys or passwords) in your recordings.


Response Time

  • Acknowledgment: We will confirm receipt of your report within 48 hours.
  • Resolution Plan: We will work to investigate, fix, and test the issue promptly.

Public Disclosure Policy

  • Vulnerabilities will not be disclosed publicly until a fix is implemented.
  • Coordinated disclosure with the reporter will be prioritized.
  • Fixes will be communicated in release notes or through a GitHub security advisory.

Examples of Vulnerabilities to Report

Please report:

  • Issues that could compromise data security, user privacy, or project integrity.
  • Authentication, authorization, or privilege escalation flaws.
  • Code injection, buffer overflows, or similar exploits.

Please do not report:


Thank you for helping us build a secure and trustworthy project! 😊
