Security: killenden/NFL_stats

Security Policy

Supported Versions

The following versions of NFL_stats are currently supported with security updates.

Version Supported
main / latest
older versions

If you are using an older version of the project, please upgrade to the latest version to receive security fixes.


Reporting a Vulnerability

If you discover a security vulnerability in NFL_stats, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please report the issue privately by:

  • Opening a GitHub Security Advisory
  • Contacting the repository maintainer directly

When reporting a vulnerability, please include as much information as possible:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Suggested mitigation (if known)
  • Any relevant logs, screenshots, or proof-of-concept code

Response Timeline

The project maintainer will attempt to respond to security reports within:

  • Initial acknowledgment: 3–5 days
  • Investigation: 1–2 weeks depending on severity
  • Patch or mitigation: As soon as reasonably possible

Please understand that response times may vary depending on availability.


Disclosure Policy

After a vulnerability is reported:

  1. The issue will be investigated.
  2. A fix will be developed and tested.
  3. A patch will be released.
  4. The vulnerability may then be publicly disclosed.

Responsible disclosure helps protect users of the project.


Security Best Practices

When using this project:

  • Keep dependencies up to date
  • Do not commit API keys or secrets
  • Use environment variables for sensitive credentials
  • Follow standard Python security practices

Scope

This security policy applies to the code and infrastructure contained within this repository only.

External services, APIs, or third-party libraries used by this project fall under their own respective security policies.


Thank you for helping keep NFL_stats secure.

There aren't any published security advisories