If you believe you've found a security vulnerability in NetHawk, please follow these steps to report it:
-
Private Report: Please do not open an issue in the public GitHub repository for security vulnerabilities. Instead, email your report to [[email protected]]
-
Provide Details: When submitting a report, please include the following details:
- A description of the vulnerability.
- Steps to reproduce the issue.
- Impact assessment of the vulnerability.
- Any relevant files or logs, if applicable.
-
Acknowledgment: We will respond to your report within 48 hours and will work to fix the issue promptly. We may request more details during the investigation process.
Security patches will be released as soon as possible for confirmed vulnerabilities. We will make sure to provide a security patch within a reasonable time frame after the vulnerability has been identified and fixed.
While interacting with the project maintainers, contributors, and the community, please adhere to the following principles:
- Respect: Treat everyone with respect and courtesy.
- Constructive Feedback: Security issues should be reported thoughtfully and in a constructive manner.
- Confidentiality: Please refrain from disclosing any security issues publicly before an official fix has been released.
When contributing to the codebase, please follow these best practices:
- Avoid hardcoding secrets like passwords and API tokens in the source code.
- Sanitize user inputs to prevent injection attacks.
- Keep dependencies up to date to avoid vulnerabilities in third-party packages.
- Ensure proper error handling to avoid exposing sensitive information.
Contributors are encouraged to:
- Suggest or implement security improvements.
- Participate in code reviews to identify potential security flaws.
- Stay informed about security issues in open-source libraries used by NetHawk.
We acknowledge and thank the security researchers who contribute to improving NetHawk's security by reporting vulnerabilities responsibly.