File: SECURITY.md

package info (click to toggle)
logdata-anomaly-miner 2.2.2-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid
  • size: 4,464 kB
  • sloc: python: 24,066; sh: 1,860; xml: 821; makefile: 19
file content (29 lines) | stat: -rw-r--r-- 1,788 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 2.x.x   | :white_check_mark: |
| < 2.0.0   | :x:                |

## Reporting a Vulnerability

Please email reports about any security related issues you find to aecid@ait.ac.at. This mail is delivered to a small developer team. Your email will be acknowledged within one business day, and you'll receive a more detailed response to your email within 7 days indicating the next steps in handling your report. 

Please use a descriptive subject line for your report email. After the initial reply to your report, our team will endeavor to keep you informed of the progress being made towards a fix and announcement.

In addition, please include the following information along with your report:

* Your name and affiliation (if any).
* A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
* An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
* Whether this vulnerability public or known to third parties. If it is, please provide details.
* Whether we could mention your name in the changelogs.

Once an issue is reported we use the following disclosure process:

* When a report is received, we confirm the issue and determine its severity.
* If we know of specific third-party services or software based on logdata-anomaly-miner that require mitigation before publication, those projects will be notified.
* Fixes are prepared for the last minor release of the latest major release.
* Patch releases are published for all fixed released versions.