From 060c7658ef52c7aeafe12c8fad3df66a1dcbaec4 Mon Sep 17 00:00:00 2001 From: Nemo <commits@captnemo.in> Date: Fri, 09 May 2025 18:03:28 +0530 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..5c4ac85 100644 --- /dev/null +++ a/SECURITY.md @@ -1,0 +1,28 @@ +# Mergington High School Security Policy + +## Reporting a Vulnerability + +At Mergington High, we take the security of our Extra-Curricular Activities website seriously, especially +since it contains student information. If you discover a security vulnerability, please follow these steps: + +1. **Do not** create an issue on this repository, disclose the vulnerability publicly, or discuss it with other teachers/students. +1. In the top navigation of this repository, click the **Security** tab. +1. In the top right, click the **Report a vulnerability** button. +1. Fill out the provided form. It will request information like: + - A description of the vulnerability + - Steps to reproduce the issue + - Potential impact on student data or website functionality + - Suggested fix (if you have one) +1. Email the IT Club faculty advisor at techsupport@mergingtonhigh.example.edu and inform them you have made a report. **Do not** include any vulnerability details. + +## Response Timeline + +- We will acknowledge receipt of your report within 2 school days +- We will provide an initial assessment within 5 school days +- Critical issues affecting student data will be addressed immediately +- We will create a private fork to solve the issue and invite you as a collaborator so you can see our progress and contribute. + +## Thank You + +Your help in keeping our school's digital resources secure is greatly appreciated! +Responsible disclosure of security vulnerabilities helps protect our entire school community. -- rgit 0.1.5
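Review bot: Steps 2 and 3 under "Reporting a Vulnerability" leave a reporter with no private channel if the **Report a vulnerability** button is missing. GitHub only shows that button when private vulnerability reporting is enabled in the repository settings, and step 5 forbids putting any details in the email to techsupport@mergingtonhigh.example.edu. Either confirm the setting is enabled alongside this change, or add a line saying what to do when the button is absent, for example emailing the faculty advisor to ask for a private channel, still without details. Under "Response Timeline", "Critical issues affecting student data will be addressed immediately" is the only commitment without a measurable bound, next to the 2 and 5 school day items. Consider giving it a concrete target and saying how reports made outside term time are handled, since every deadline is counted in school days.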