We release patches for security vulnerabilities in the following versions:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security vulnerability within MakerFriends.com, please follow these steps:
Security vulnerabilities should not be disclosed publicly until we have had a chance to address them.
Send an email to: security@makerfriends.com
Please include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if you have them)
- Your contact information (optional, but helpful for follow-up)

Response timeline:

- Initial response: Within 48 hours
- Status update: Within 1 week
- Resolution: As quickly as possible, typically within 30 days

What to expect:

- We will acknowledge receipt of your report
- We will investigate the vulnerability
- We will provide regular updates on our progress
- We will work with you to verify the fix
- We will publicly acknowledge your contribution (if desired) once the vulnerability is resolved

For users:

- Always use the latest version of the website
- Report suspicious activity immediately
- Use strong, unique passwords
- Enable two-factor authentication when available

For developers:

- Follow secure coding practices
- Keep dependencies up to date
- Review code for security vulnerabilities
- Use environment variables for sensitive data
- Never commit secrets or API keys
Our website implements the following security measures:
- HTTPS Only: All traffic is encrypted using SSL/TLS
- Content Security Policy: Prevents XSS attacks
- Input Validation: All user inputs are validated and sanitized
- Dependency Scanning: Regular security audits of dependencies
- Secure Headers: Security headers to prevent common attacks
- No Data Storage: We don't store sensitive user data
- Regular Updates: Dependencies and frameworks are kept current
We believe in responsible disclosure of security vulnerabilities. We will:
- Work with security researchers to fix issues
- Give appropriate credit to reporters (if desired)
- Not take legal action against security researchers acting in good faith
- Publish security advisories for significant vulnerabilities
For security-related questions or concerns, please contact:
- Email: security@makerfriends.com
- Response Time: 24-48 hours
Thank you for helping keep MakerFriends.com secure! 🔒