Security: YeasinSE/Mystical-STD

Security Policy

Ensuring the security of our project and its users is a top priority. We appreciate and encourage responsible disclosure of vulnerabilities. This document outlines our security policy and the process for reporting security issues.

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
1.0.1
1.0.0

Reporting a Vulnerability

If you discover a security vulnerability in MysticalSTD, please report it to us privately. Publicly disclosing a vulnerability can put the project and its users at risk. We will work with you to understand and address the issue promptly.

How to Report

  1. Email: Send an email to [email protected] with the subject line "Security Vulnerability Report".
  2. Include:
     • A description of the vulnerability.
     • Steps to reproduce the issue.
     • Any potential impact it may have.
     • Any possible solutions or mitigations you can suggest.
  3. Do Not:
     • Open a public issue on GitHub to report the vulnerability.

Response Process

  1. Acknowledgment: We will acknowledge receipt of your report within 72 hours and provide an initial response indicating the next steps in handling the vulnerability.
  2. Investigation: We will investigate the issue thoroughly to verify its validity and determine the impact.
  3. Mitigation: We will work on a fix and plan the release of a patch. This might involve collaboration with you to understand the vulnerability better and to test potential fixes.
  4. Disclosure: Once the fix is implemented, we will coordinate with you to disclose the vulnerability and the fix. We aim to disclose vulnerabilities in a way that minimizes risk to our users.

Scope

The following areas are in scope for our security policy:

  1. Node.js and Express backend
  2. Kafka messaging
  3. Redis caching and storage
  4. Infrastructure
  5. The process for scanning, testing, and deploying the web app

If you are unsure whether a specific area is in scope, please feel free to contact us.

Security Best Practices

While we strive to maintain a secure codebase, we also encourage our contributors to follow these best practices:

  1. Keep dependencies up to date.
  2. Use secure coding practices.
  3. Regularly review code for potential security issues.
  4. Follow the principle of least privilege for accessing resources.
  5. Use strong, unique passwords for any credentials.

Credits

We appreciate the efforts of security researchers and developers who help us keep MysticalSTD secure. We will acknowledge your contributions publicly if you wish, once the vulnerability is fixed.