Dependensia is committed to ensuring the security and integrity of our codebase and user data. This security policy outlines our guidelines and procedures for identifying, reporting, and responding to security vulnerabilities.

| Version | Supported |
|---|---|
| 0.0.1 | ❌ |
| 0.0.2 | ❌ |
| 0.0.3 | ❌ |
| 0.0.4 | ❌ |
| 0.0.5 | ❌ |
| 0.0.6 | ✅ |
| 0.0.7 | ✅ |

If you believe you have found a security vulnerability in Dependensia, please report it to us immediately. You can report vulnerabilities by:
- Opening an issue on our GitHub repository
- Sending an email to phothinmg@disroot.org

When a security vulnerability is reported, we will:
- Acknowledge receipt of the report within a week
- Assess the vulnerability and determine its severity
- Develop a plan to address the vulnerability
- Implement the plan and verify the fix
- Notify the reporter and the public of the vulnerability and the fix

We use the following classification system to determine the severity of security vulnerabilities:
- Critical: Vulnerabilities that can be exploited to gain unauthorized access to sensitive data or systems
- High: Vulnerabilities that can be exploited to cause significant disruption to our service or compromise user data
- Medium: Vulnerabilities that can be exploited to cause moderate disruption to our service or compromise user data
- Low: Vulnerabilities that are unlikely to be exploited or cause significant disruption to our service

We will disclose security vulnerabilities in accordance with our disclosure policy. We will:
- Disclose vulnerabilities that are critical or high severity within 72 hours of verification
- Disclose vulnerabilities that are medium or low severity within 7 days of verification
- Provide a fix or workaround for the vulnerability whenever possible

We regularly perform security testing and auditing to identify and address potential security vulnerabilities. We use a combination of automated and manual testing techniques to ensure the security and integrity of our codebase.

We comply with all relevant laws and regulations related to security and data protection.

If you have any questions or concerns about our security policy, please contact us at phothinmg@disroot.org.