The following versions of Demoappaz204 are currently being supported with security updates:
| Version | Supported | .NET Version | Status |
|---|---|---|---|
| 1.2.x | ✅ | .NET 8.0 | Current |
| 1.1.x | ✅ | .NET 8.0 | LTS |
| 1.0.x | .NET 8.0 | Limited Support | |
| < 1.0 | ❌ | .NET 7.0 | End of Life |
Note: We recommend always using the latest stable version for the best security posture.
Before reporting a vulnerability, please ensure you've followed these security best practices:
- Keep your Azure services and dependencies up to date
- Use HTTPS for all communications
- Implement proper input validation
- Follow the principle of least privilege for Azure resources
- Enable Azure Security Center recommendations
- Use managed identities where possible
Step 1: Internal Discussion
-
Teams Channel: Post your security concern in the dedicated #demoappaz204-security Teams channel
- Use the format:
🔒 SECURITY: [Brief Description] - Include severity level:
Critical,High,Medium, orLow - Tag relevant team members:
@security-team@project-leads
- Use the format:
-
Initial Assessment: The security team will acknowledge within 2 business hours and provide initial assessment within 24 hours
-
Internal Discussion:
- Security team will create a private discussion thread
- Include technical details, impact assessment, and reproduction steps
- Collaborate on potential fixes and mitigation strategies
Step 2: Create Pull Request
-
Branch Creation: Create a security fix branch using the naming convention:
security/[issue-id]-[brief-description] Example: security/SEC-001-sql-injection-fix -
Pull Request Guidelines:
- Title:
🔒 [SECURITY] Brief description of the fix - Description: Reference the Teams discussion and include:
- Vulnerability description and impact
- Fix implementation details
- Testing performed
- Security team approval reference
- Reviewers: Assign to security team and project leads
- Labels: Add
security,priority-high, and appropriate severity label
- Title:
-
Review Process:
- Security team review: Required
- Code review by 2+ senior developers: Required
- Automated security scans: Must pass
- Manual testing: Required for critical/high severity
For External Contributors or Security Researchers:
-
Email: Send detailed vulnerability reports to:
security@techm-demoapp.com -
Information to Include:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested remediation (if any)
- Your contact information for follow-up
-
Response Timeline:
- Initial acknowledgment: Within 48 hours
- Preliminary assessment: Within 5 business days
- Status updates: Weekly or as significant developments occur
- Resolution timeline: Based on severity (see table below)
| Severity | Initial Response | Fix Target | Deployment Target |
|---|---|---|---|
| Critical | 2 hours | 24 hours | 48 hours |
| High | 8 hours | 72 hours | 1 week |
| Medium | 24 hours | 2 weeks | 1 month |
| Low | 48 hours | 1 month | Next release |
- Primary Security Contact: security-lead@techm.com
- Teams Channel: #demoappaz204-security
- Emergency Contact: +1-XXX-XXX-XXXX (for critical vulnerabilities only)
- PGP Key: Available upon request for encrypted communications
- Coordinated Disclosure: We practice coordinated disclosure and ask that you do not publicly disclose vulnerabilities until we've had a chance to address them
- Recognition: Security researchers will be credited in our security acknowledgments (unless they prefer to remain anonymous)
- Bug Bounty: Currently evaluating a bug bounty program - stay tuned for updates
- Azure Security Documentation
- OWASP Top 10
- ASP.NET Core Security Guidelines
- Bicep Security Best Practices
Last Updated: February 3, 2026
Next Review: May 3, 2026