Create SECURITY.md (#3696)

Giveen 2024-01-23 04:20:08 -07:00 committed by GitHub
parent 757b4de4c6
commit 4ec96d25a4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

32
SECURITY.md Normal file

@ -0,0 +1,32 @@
POLICY: Our security policy is to avoid leaving the ecosystem worse than we found it. Meaning we are not planning to introduce vulnerabilities into the ecosystem.
The OrcaSlicer team and community take all security bugs in OrcaSlicer seriously. Thank you for improving the security of OrcaSlicer. We appreciate your efforts to disclose the issue responsibly, and will make every effort to acknowledge your contributions.
Report security bugs by emailing the lead maintainer at softfeverever@gmail.com and include the word "SECURITY" in the subject line.
The lead maintainer will acknowledge your email within a week (7 days), and will send a more detailed response up to 48 hours after that indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and an announcement. We may ask for additional information or guidance.
OrcaSlicer will confirm the problem and determine the affected versions.
OrcaSlicer will audit code to find any similar problems.
OrcaSlicer will prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
Report security bugs in third-party modules to the person or team maintaining the module.
SECURITY DISCLOSURE: Your responsibility is to report vulnerabilities to us using the guidelines outlined below.
Please give detailed steps on how to disclose the vulnerability. Keep these OWASP guidelines in mind ( https://www.owasp.org/index.php/Vulnerability_Disclosure_Cheat_Sheet ) when creating your disclosure policy.
Below are some recommendations for security disclosures:
OrcaSlicer security contact { contact: mailto:softfeverever@gmail.com] }
When disclosing vulnerabilities please do the following:
Your name and affiliation (if any).
Include scope of vulnerability. Let us know who could use this exploit.
Document steps to identify the vulnerability. It is important that we can reproduce your findings.
Show how to exploit vulnerability, give us an attack scenario.
OrcaSlicer Checklist: Security Recommendations
Follow these steps to improve security when using OrcaSlicer.
...SEE SOMETHING
...SAY SOMETHING
1)...SEE SOMETHING
We suggest you goto #2 if this happens.
Why? Through experience we have found it is best to goto #2 in this situation.
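Review bot: The second half of the new file still carries unedited template text, starting at "Please give detailed steps on how to disclose the vulnerability. Keep these OWASP guidelines in mind ... when creating your disclosure policy." That sentence is addressed to whoever writes the policy, not to a reporter, and should be dropped or replaced with the actual reporting steps. The contact line "{ contact: mailto:softfeverever@gmail.com] }" has a stray "]" and unexplained braces; a plain email address would read better. The "SECURITY DISCLOSURE" paragraph points to guidelines "outlined below" while the reporting address and the "SECURITY" subject-line convention already appear earlier in the file, so the two parts should be merged into one set of instructions. The closing checklist ("...SEE SOMETHING", "...SAY SOMETHING", "We suggest you goto #2") gives no concrete recommendation and refers to an item #2 that is never numbered; either fill it in or remove it. The response paragraph also switches between "the lead maintainer" and "the security team", so state who actually handles reports. Since the only channel listed is a single personal mailbox, consider naming a fallback contact or enabling GitHub's private vulnerability reporting so a report is not lost if that address goes unread.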