Skip to content

Security: Enggvault/Full-stack

Security

SECURITY.md

Security Policy

At EnggVault, we prioritize the security of our software and the trust of our users. We appreciate the efforts of the security community in responsibly disclosing vulnerabilities to us.

Supported Versions

We actively maintain and provide security updates for the following major versions of our software. Please note that support policies may vary by individual project.

Version Supported
v2.x.x Yes
v1.x.x No
< v1.0 No

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have discovered a security vulnerability in any EnggVault project, please report it to us using the following procedure:

  1. Email us: Send a detailed email to enggvault@gmail.com.
  2. Provide details: Please include the following information:
    • A clear description of the vulnerability.
    • Exact steps to reproduce the issue.
    • An assessment of the potential impact.
    • Proof of concept (PoC) code if available.

Response Timeline

We endeavor to respond to your report within 48 hours. We will keep you informed of our progress as we investigate and develop a remediation plan.

Responsible Disclosure Policy

We request that you adhere to the following guidelines for responsible disclosure:

  • Do not disclose the vulnerability publicly until we have completed our investigation, deployed a fix, and released an update. We typically request a 90-day embargo period.
  • Do not exploit the vulnerability or use it to access data that does not belong to you.
  • Provide a reasonable timeframe for us to resolve the issue before making it public.

Security Best Practices

We implement rigorous practices to ensure the security of our projects:

  • Automated dependency scanning in CI/CD pipelines.
  • Static code analysis (SAST) during integration.
  • Mandatory peer code reviews for all pull requests.
  • Least-privilege access controls for organizational resources.

We appreciate your assistance in maintaining the security of the EnggVault ecosystem.

There aren't any published security advisories