Skip to content
This repository was archived by the owner on May 24, 2026. It is now read-only.

Security: NibrasPlatform/.github

Security

SECURITY.md

Security Policy

Scope

This policy applies to repositories in this org that are under active development, especially services that handle:

  • authentication and authorization
  • student or instructor account data
  • analytics or recommendation outputs
  • file uploads, tokens, or API integrations

Reporting a Vulnerability

Do not open a public issue for security problems.

Instead:

  1. Use GitHub private vulnerability reporting if it is enabled for the repository.
  2. If private reporting is not enabled, contact the repository maintainers through a private channel already used by the project team.
  3. Include the affected repository, impact, reproduction steps, and any proof-of-concept details needed to validate the issue.

What To Include

  • affected repository and branch
  • vulnerability type
  • attack prerequisites
  • step-by-step reproduction
  • expected impact
  • suggested mitigation, if known

Response Expectations

  • Initial acknowledgment target: within 5 business days
  • Status updates: as investigation progresses
  • Public disclosure: only after a fix or mitigation is available

Handling Guidelines

  • Avoid sharing secrets, tokens, or production data in reports.
  • Minimize access during testing.
  • Coordinate fixes for cross-repository issues before disclosure.

There aren't any published security advisories