mirror of
https://github.com/glittercowboy/get-shit-done
synced 2026-04-25 17:25:23 +02:00
34 lines
940 B
Markdown
34 lines
940 B
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
|
|
|
Instead, please report them via email to: **security@gsd.build** (or DM @glittercowboy on Discord/Twitter if email bounces)
|
|
|
|
Include:
|
|
- Description of the vulnerability
|
|
- Steps to reproduce
|
|
- Potential impact
|
|
- Any suggested fixes (optional)
|
|
|
|
## Response Timeline
|
|
|
|
- **Acknowledgment**: Within 48 hours
|
|
- **Initial assessment**: Within 1 week
|
|
- **Fix timeline**: Depends on severity, but we aim for:
|
|
- Critical: 24-48 hours
|
|
- High: 1 week
|
|
- Medium/Low: Next release
|
|
|
|
## Scope
|
|
|
|
Security issues in the GSD codebase that could:
|
|
- Execute arbitrary code on user machines
|
|
- Expose sensitive data (API keys, credentials)
|
|
- Compromise the integrity of generated plans/code
|
|
|
|
## Recognition
|
|
|
|
We appreciate responsible disclosure and will credit reporters in release notes (unless you prefer to remain anonymous).
|