The Mauritania Programmers Community takes the security of our projects and community seriously. We appreciate your efforts to responsibly disclose security vulnerabilities.
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ Supported |
| Older | ❌ Not supported |
If you discover a security vulnerability, please follow these steps:
Security vulnerabilities should NOT be reported through public GitHub issues.
Preferred Method: Use GitHub Security Advisories
- Go to the repository's Security tab
- Click "Report a vulnerability"
- Fill out the vulnerability report form
Alternative Methods:
- Direct message on LinkedIn: @مبرمجي-موريتانيا
- WhatsApp Admins (for urgent security matters)
To help us understand and address the issue quickly, please include:
- Type of vulnerability (e.g., XSS, SQL injection, authentication bypass)
- Location (file path, URL, or affected component)
- Step-by-step reproduction (how to reproduce the issue)
- Impact assessment (what an attacker could do)
- Suggested fix (if you have recommendations)
- Your contact information (for follow-up questions)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Status Updates: Regular communication throughout the process
- Resolution Timeline: Depends on severity
  - 🔴 Critical: 1-7 days
  - 🟠 High: 1-2 weeks
  - 🟡 Medium: 2-4 weeks
  - 🟢 Low: Best effort
We recognize security researchers who help keep our community safe:
- Public acknowledgment (with permission)
- Listed in our Security Hall of Fame
- Recognition in release notes
- Community appreciation
We follow responsible disclosure principles:
- We'll work with you to understand and resolve the issue
- We won't pursue legal action for good faith security research
- We'll credit you for the discovery (unless you prefer to remain anonymous)
When contributing code, please:
- Never Commit Secrets
  - No API keys, passwords, or tokens in code
  - Use environment variables for sensitive data
  - Check with tools like git-secrets
- Follow Secure Coding Practices
  - Validate and sanitize all inputs
  - Use parameterized queries (prevent SQL injection)
  - Implement proper authentication and authorization
  - Keep dependencies up to date
- Review Security Implications
  - Consider the security impact of your changes
  - Ask maintainers if unsure
  - Document security-sensitive code
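The two practices above that contributors most often get wrong are keeping secrets out of code and building SQL from user input. The following is an added illustration written for this policy page, not code from any community repository: it puts a string-formatted query next to its parameterized form, runs a classic injection payload through both against a constructed in-memory SQLite table, and reads a secret from the environment instead of a literal. The table, the two sample users and the `MPC_API_KEY` variable name are all assumptions made for the example.

```python
import os
import re
import sqlite3


def make_db():
    """Constructed sample data for the example: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("amina", "amina@example.org"), ("sidi", "sidi@example.org")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """Vulnerable: the caller's input becomes part of the SQL text itself,
    so a quote in the input changes the meaning of the statement."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterized: the driver binds the value separately from the SQL,
    so the input is only ever compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username):
    """Input validation as a second layer: allow-list characters and bound length."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None


def load_api_key(env=None):
    """Read a secret from the environment (hypothetical MPC_API_KEY variable)
    instead of a literal in the source; fail closed when it is absent."""
    env = os.environ if env is None else env
    key = env.get("MPC_API_KEY")
    if not key:
        raise RuntimeError("MPC_API_KEY is not set")
    return key


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"  # constructed test input, not a valid username
    print("unsafe:", find_user_unsafe(conn, payload))   # returns every row
    print("safe:  ", find_user_safe(conn, payload))     # returns no rows
    print("valid?:", is_valid_username(payload))        # False
```

Run it as a script to see the unsafe query return both users for an input that matches neither of them, while the parameterized query returns nothing; the validation check rejects the same input before it ever reaches the database.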
To keep your projects secure:
- Keep Software Updated
  - Use the latest stable versions
  - Apply security patches promptly
  - Monitor security advisories
- Use Strong Authentication
  - Enable 2FA on your GitHub account
  - Use strong, unique passwords
  - Protect your SSH keys
- Be Cautious
  - Review code before running it
  - Don't share credentials
  - Report suspicious activity
We use various tools to maintain security:
- Dependabot: Automated dependency updates
- CodeQL: Security code scanning
- Secret Scanning: Detect committed secrets
- Security Advisories: CVE tracking
Learn more about security:
- OWASP Top 10
- GitHub Security Best Practices
- CWE - Common Weakness Enumeration
- CVE - Common Vulnerabilities and Exposures
This security policy applies to:
- All repositories under the Mauritania Programmers Community organization
- Official community infrastructure
- Community-maintained tools and services
The following are typically out of scope:
- Vulnerabilities in third-party services we don't control
- Social engineering attacks against community members
- Physical security issues
- Denial of Service (DoS) attacks
If you're unsure, please report it anyway. We'll determine the scope.
Please do NOT:
- Access or modify data that doesn't belong to you
- Perform Denial of Service (DoS) attacks
- Spam or social engineer community members
- Violate privacy of community members
- Damage or disrupt services
- Publicly disclose vulnerabilities before resolution
For security-related questions or concerns:
- Security Issues: Use GitHub Security Advisories
- General Security Questions: GitHub Discussions (Security category)
- Urgent Matters: LinkedIn @مبرمجي-موريتانيا or WhatsApp Admins
Security updates will be communicated through:
- GitHub Security Advisories
- Release Notes
- GitHub Discussions Announcements
- LinkedIn Updates
Security fixes will be:
- Released as patch versions for minor vulnerabilities
- Released as emergency updates for critical vulnerabilities
- Documented in CHANGELOG with security labels
We appreciate the security research community and all contributors who help keep our projects secure.
Your responsible disclosure helps protect:
- 🇲🇷 The Mauritanian developer community
- 🌍 Users of our projects worldwide
- 💻 The broader open source ecosystem
Protecting Mauritania's Tech Future 🇲🇷💻
Made with ❤️ by the Mauritanian tech community