This policy applies to every repository in the MAPS Lab organization unless a repository provides its own security policy.
MAPS Lab is committed to maintaining the security of our software and promptly addressing security vulnerabilities. Security fixes target the latest release of each actively maintained project. Older releases do not receive security updates, so please upgrade to the most recent version before reporting an issue.
The MAPS Lab team takes security vulnerabilities seriously. If you discover a security issue within any MAPS Lab project, please report it by following the guidelines below. This allows us to assess the risk and take the necessary steps to mitigate the vulnerability as quickly as possible.
- Email. Send an email to mapslab@dal.ca. Please include a detailed description of the issue, including the steps to reproduce the vulnerability and the affected repository. If possible, include patches, scripts, or other resources that could help evaluate the vulnerability.
- GitHub issue. For findings that do not immediately impact the security of a project or its users (such as potential optimizations or best practices), consider opening a GitHub issue on the relevant repository.
- Acknowledgment. You can expect to receive an acknowledgment of your report within 72 hours.
- Communication. We will keep you informed of your report's status, including the vulnerability assessment, throughout the resolution process.
- Confidentiality. Please keep the communication regarding the security issue confidential until we have assessed the impact and publicly disclosed the vulnerability.
- Disclosure. Once the vulnerability has been addressed, we will provide a report about the issue, the steps taken to resolve it, and any applicable acknowledgments to those who reported it.
We appreciate your support in making MAPS Lab projects more secure. By following these guidelines, we can work together to ensure the security and integrity of our software.