
Security Policy

Purpose and Scope

This security policy applies to the GitHub repository 'Project-Mastermind' (https://github.com/t4ai-workshops/Project-Mastermind). Its goal is to safeguard the security of this repository and its associated assets.

Security Measures

Access Control

Only project maintainers and authorized developers have write access to the repository. All team members must authenticate with two-factor authentication to gain access. Write access to the 'main' branch is restricted to project maintainers; developers work in their own branches.

Logging and Monitoring

All actions in the repository, including pushes, pull requests, and issues, are logged. Project maintainers regularly review the logs for suspicious activity.

Dependency Security

Only versions of libraries and tools without known security vulnerabilities may be used. Dependencies are periodically scanned for security vulnerabilities and updated.

Security Updates

Security updates for the repository, libraries, and tools are applied as soon as possible. Project maintainers keep the community informed about security-related changes.

Incident Response

In case of a security incident, such as a leaked API key, an incident response protocol is followed:

  • The incident is reported to the project maintainers.
  • Access is restricted and new API keys are generated.
  • The root cause is investigated, and corrective measures are taken.
  • The community is notified.

Compliance

This security policy aligns with the general guidelines of the Contributor Covenant Code of Conduct, which is used as part of this project.

Communication and Training

The security policy is communicated to all team members and shared in the repository. New team members receive an introduction to the security policy and requirements. Periodic security training sessions are organized for all team members.

Regular Review

The security policy is reviewed and updated, if necessary, at least once a year. Project maintainers monitor developments in cybersecurity and adapt the policy accordingly.

For questions or comments about this security policy, please contact the project maintainers.

Supported Versions

n.a.

Version   Supported
0.1.0

Reporting a Vulnerability

If you discover a security vulnerability within the 'Project-Mastermind' repository, please report it to the project maintainers by creating a new issue on the GitHub repository.

When reporting a vulnerability, please provide the following information:

  • A clear description of the vulnerability and how it can be exploited
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any mitigating factors or existing workarounds

The project maintainers will acknowledge the report within 5 business days and provide you with an estimated timeline for addressing the vulnerability. Security vulnerabilities will be prioritized and addressed as quickly as possible.

If the vulnerability is confirmed and accepted, the maintainers will:

  • Work on a fix or mitigation
  • Provide you with updates on the progress
  • Coordinate the release of the fix with the community

If the vulnerability is declined, the maintainers will provide a justification for the decision.

All vulnerability reports and the project's response will be kept confidential during the process. Once a fix has been released, the details of the vulnerability may be made public to allow others to update their systems.

Thank you for helping to keep the 'Project-Mastermind' repository secure.