Security Policy
Security Policy
Reporting Security Vulnerabilities
If you discover a security vulnerability in any of our projects, please report it responsibly.
How to Report
DO NOT open a public GitHub issue for security vulnerabilities.
Instead, please contact us directly:
📧 Email: info@metinet.de
Subject: [SECURITY] Project Name - Brief Description
What to Include
Please include the following information:
- Project/Repository Name
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
- Suggested fix (if you have one)
- Your contact information (for follow-up)
Response Time
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Depends on severity
Security Severity Levels
- 🔴 Critical: Immediate action required (24-48h)
- 🟠 High: Fix within 1 week
- 🟡 Medium: Fix within 2 weeks
- 🟢 Low: Fix in next release cycle
Disclosure Policy
- We will acknowledge your report within 48 hours
- We will keep you informed of our progress
- We will credit you (if you wish) when we publish the fix
- We ask for responsible disclosure (give us time to fix before public disclosure)
Supported Versions
Security updates are provided for:
- ✅ Latest stable release
- ✅ Previous major version (if still in active use)
Older versions may not receive security updates.
Security Best Practices
When using our projects:
- Keep API keys secure - Never commit keys to version control
- Update regularly - Always use the latest stable version
- Review permissions - Check what permissions extensions/apps request
- Monitor usage - Keep an eye on API usage and logs
- Report issues - If you see something, say something
Hall of Fame
We appreciate responsible security researchers. Contributors will be listed here (with permission):
- No reports yet
Contact
Security Contact: info@metinet.de
Organization: metinet-de
Maintained by: Metin Özkan
Location: Berlin, Germany
Thank you for helping keep our projects secure! 🔒