At Webex Contact Center API Samples, we take security and the privacy of our users seriously. We appreciate your efforts in responsibly disclosing any security vulnerabilities you may find in our project. This project relies on open source packages and their dependencies to enhance project comprehensibility. While these packages provide numerous benefits, it is essential to acknowledge that vulnerabilities may exist within them. As the maintainer of this codebase, we are committed to maintaining the security of our project by actively addressing any identified vulnerabilities. To report a security vulnerability, please follow our responsible disclosure guidelines.
To ensure the security of our project, we follow these procedures:
-
Regular Security Scans: We perform regular security scans to identify potential vulnerabilities in the packages we use.
-
Prompt Updates: Once a vulnerability is discovered, we strive to promptly update the affected package to the latest version available, which includes necessary security patches.
If you have found a vulnerability, please:
- Open a support ticket using the Webex Contact Center Developer support channel at: https://developer.webex-cx.com/support
- Allow us a reasonable amount of time to respond to your report. We will make our best efforts to acknowledge your report promptly and keep you informed of any progress.
If you believe you have identified a potential security concern or vulnerability that affects a package dependency used by our project, please report it directly to the maintainer of that package. You can usually find the contact information or vulnerability disclosure process for each package in their respective documentation.
-
Keep dependencies updated: Regularly review and update your project's dependencies to include the latest security patches and bug fixes. Use tools such as npm audit or npm-check to check for known vulnerabilities in your dependencies.
-
Secure authentication and authorization: Ensure that sensitive data, such as user credentials or access tokens, are handled securely and protected from unauthorized access. Use well-established authentication and authorization mechanisms.
-
Input validation and sanitization: Always validate and sanitize user inputs to prevent common security vulnerabilities such as cross-site scripting (XSS) and SQL injection attacks.
-
Secure session management: Implement secure session management practices, including the use of secure cookies, proper session expiration, and protection against session hijacking or fixation attacks.
-
Secure communications: Use secure communication protocols (HTTPS) and ensure proper configuration to protect data transmitted between the client and server.
Please note that while we strive to follow the best security practices and address reported vulnerabilities promptly, the nature of software development means that new risks and vulnerabilities may arise. We appreciate your collaboration in helping us maintain the security and integrity of our project.
Thank you for your contribution to the security of the Webex Contact Center API Samples repo!