Security: AiPals/Cybersecurity-Code

docs/SECURITY.md

Security Policy

At AiPals, we take security very seriously. Ensuring the integrity of our projects and protecting the privacy and safety of individuals are our top priorities. This document outlines how to responsibly report vulnerabilities and our commitment to addressing them promptly.


Reporting a Vulnerability

If you discover a security vulnerability in any of our repositories or projects, please report it responsibly by following these steps:

  1. Contact Us Securely:
    • Send an email to AiPals@outlook.com with the subject line: "Security Vulnerability Report."
    • Include a detailed description of the issue, steps to reproduce, and potential impact.

  2. Sensitive Information:
    • Avoid sharing sensitive or exploitative information publicly in issues, pull requests, or discussions.
    • Use our secure communication methods to ensure confidentiality.

  3. Acknowledgment:
    • You will receive an acknowledgment within 48 hours of submitting your report.

  4. Assessment:
    • We will investigate the vulnerability and aim to provide an initial resolution timeline within 7 days.

Scope

The following are within the scope of our security policy:

  • Vulnerabilities in any repositories hosted under AiPals GitHub.
  • Issues that compromise the functionality, security, or integrity of tools and projects like:
    • Cybersecurity scanners.
    • ProjectSentinel features.
  • Misconfigurations or exposed secrets in our repositories.

The following are not within the scope of this policy:

  • Vulnerabilities in third-party dependencies (unless used directly in our code).
  • Personal devices or accounts of contributors.

Commitment to Security

We are dedicated to maintaining secure and ethical practices in all our projects. To uphold this commitment:

  • All projects are developed with secure coding practices.
  • Dependencies are regularly reviewed and updated to address potential vulnerabilities.
  • Collaborators and contributors are encouraged to follow security best practices, including:
    • Using strong authentication methods.
    • Avoiding inclusion of sensitive data (e.g., credentials) in the repositories.
    • Running regular vulnerability scans for all contributions.

Responsible Disclosure

We strongly encourage responsible disclosure of vulnerabilities. Contributors and users who report issues responsibly will:

  • Receive recognition in our Security Acknowledgments (if desired).
  • Be prioritized for early access to updates and features addressing the issue.

We reserve the right to take appropriate action against individuals who exploit vulnerabilities or fail to disclose them responsibly.


Security Best Practices

To ensure the safety of all collaborators and users:

  • Contributors: Follow secure development guidelines, including validating inputs, encrypting sensitive data, and minimizing dependencies.
  • Users: Regularly update tools and software to the latest versions. Report suspicious activity or vulnerabilities immediately.
  • Community: Respect our Code of Conduct and prioritize safety in all interactions.

Acknowledgments

We thank the security research and ethical hacking community for helping us identify and address vulnerabilities. Your contributions ensure the safety and reliability of our projects.


Contact

For any security-related questions or to report a vulnerability:

  • Email: AiPals@outlook.com
  • GitHub Issues: Open an issue labeled security (only for non-sensitive matters).

Last Updated: November 30, 2024
