Vineyard Technologies is committed to ensuring the security of our open-source projects and the data of our users. We value the contributions of the security community and appreciate your efforts in helping us maintain a secure environment.
This security policy applies to all projects under the Vineyard Technologies organization. We provide security updates for the latest stable release of each active project.
We take all security vulnerabilities seriously. If you discover a security issue, please report it to us privately to protect our users.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please email us at contact@VineyardTechnologies.org.
To help us triage your report quickly, please include the following information:
- Project Name: The repository or project affected.
- Vulnerability Type: e.g., Cross-Site Scripting (XSS), SQL Injection, or Remote Code Execution.
- Detailed Description: Step-by-step instructions to reproduce the issue.
- Proof of Concept (PoC): Code, screenshots, or a video demonstrating the vulnerability.
- Impact: What an attacker could achieve by exploiting the vulnerability.
- Your Contact Information: So we can follow up with you.
After you submit a report, you can expect the following from us:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Triage: We will investigate and validate the vulnerability.
- Remediation: We will work on a patch to fix the issue.
- Disclosure: Once the vulnerability is patched, we will coordinate with you on public disclosure. We may issue a security advisory and credit you for your discovery.
We encourage all our project maintainers and contributors to follow these security best practices:
- Dependency Management: Keep dependencies up to date and use tools to scan for known vulnerabilities.
- Code Reviews: All code changes should be reviewed for security issues before being merged.
- Principle of Least Privilege: Grant only the necessary permissions for applications and services.
- Data Protection: Avoid storing sensitive data in repositories. Use secure methods for handling secrets and credentials.
Thank you for helping keep Vineyard Technologies and our users safe.