Security
This document outlines the security policy for the MyDocs project.
Supported Versions
We provide security updates for the following versions of MyDocs:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1.0 | ❌ |
Reporting a Vulnerability
How to Report a Security Issue
We take all security vulnerabilities seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
To report a security issue, please email us at arihantjain132407+github@gmail.com with the subject line "[MyDocs] Security Vulnerability Report".
What to Include in Your Report
- A description of the vulnerability
- Steps to reproduce the issue
- The version of the software affected
- Any special configuration required to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Impact of the issue, including how an attacker might exploit the issue
Our Security Process
- We will acknowledge receipt of your report within 3 business days
- We will confirm the issue and determine the affected versions
- We will investigate the issue and determine the impact and criticality
- We will apply fixes to the codebase and prepare a new release
- We will publicly disclose the vulnerability in the release notes
Vulnerability Disclosure Policy
When the security team confirms a vulnerability, we will take the following actions:
- Acknowledge to the reporter that we've received the report
- Work on a fix in a private repository
- Prepare a public disclosure
- Release a new version with the fix
- Publicly announce the vulnerability and the fix
Bug Bounty
At this time, we do not offer a paid bug bounty program. However, we are happy to recognize security researchers who responsibly disclose security issues by adding them to our Acknowledgements section.
Security Updates and Alerts
Subscribe to our GitHub repository to receive security updates for MyDocs. For critical security issues, we will also publish security advisories on our GitHub repository.
Security Best Practices
For Users
- Always keep your dependencies up to date
- Follow the principle of least privilege
- Use strong, unique passwords for all services
- Enable two-factor authentication where available
- Regularly audit your access controls and permissions
For Developers
- Follow secure coding practices
- Keep all dependencies up to date
- Use automated security scanning tools
- Implement proper input validation
- Regularly review and update security configurations
- Test security measures regularly
- Use secure communication protocols (HTTPS, SSH, etc.)
- Keep security tools and antivirus software up to date