Security: Ouranosinc/ESPO-G

Security Policy

Reporting a Vulnerability

If you believe you have found a security vulnerability, we encourage you to let us know right away. We take all security vulnerabilities seriously and appreciate your efforts to responsibly disclose them.

Please follow these steps to report a security vulnerability:

  1. Email: Send an email to github-support@ouranos.ca with a detailed description of the vulnerability. If applicable, please include any steps or a proof-of-concept to help us understand and reproduce the issue.

  2. Encryption (Optional): If you are concerned about the sensitivity of the information you are sharing, you can use the PGP key found below to encrypt your communication.

  3. Response: We will acknowledge your email within 48 hours and work with you to understand and confirm the vulnerability.

  4. Fix and Disclosure: Once the vulnerability is confirmed, we will work to address it promptly. We appreciate your patience as we investigate and implement a fix. Once resolved, we will coordinate the disclosure and provide credit to the reporter unless they prefer to remain anonymous.

PGP Encryption Key

You can use the following PGP key to encrypt your communications with us:

Preferred Languages

We prefer all communications to be in either English or French.

There aren’t any published security advisories