This security policy applies to the Micra Framework's core components, plugins, and any official repositories maintained by the Micra team. Community-maintained repositories are encouraged to follow similar practices but are not covered under this policy.
At Micra, the security of our framework and its users is a top priority. If you discover a vulnerability or security issue, we encourage you to report it to us responsibly. To do so, please follow these steps:
- Contact Us: Email the details of the vulnerability to [[email protected]].
- Provide Information:
  - Description of the vulnerability.
  - Steps to reproduce the issue, if applicable.
  - Any potential impacts or risks.
  - Your contact information for follow-up questions.
We will acknowledge receipt of your report within 48 hours and provide progress updates every 7 days until the issue is resolved.
- Acknowledgment: All valid security reports will be acknowledged within 48 hours.
- Assessment: We will assess the issue's impact and categorize its severity (e.g., critical, high, medium, low).
- Resolution: Fixes for critical vulnerabilities will be released as soon as possible, with timelines adjusted based on severity.
- Disclosure: Vulnerabilities and their fixes will be transparently disclosed in release notes and through a dedicated security advisories page.
We appreciate researchers and developers who practice responsible disclosure. To ensure the community remains secure, we kindly request that:
- You give us sufficient time to resolve the issue before publicly disclosing it. For critical vulnerabilities, we request at least 30 days for resolution.
- You avoid exploiting the vulnerability or sharing details with anyone outside the reporting process.
To recognize your contributions, we may include your name in our "Hall of Fame" for critical vulnerability discoveries.
To help contributors minimize security risks, we recommend the following:
- Regularly update dependencies and perform security checks.
- Follow secure coding guidelines and best practices.
- Avoid hardcoding sensitive information in codebases.
If you have questions or need further assistance, don’t hesitate to reach out to [[email protected]].