Security: Guztaver/portfolio

Security Policy

Supported Versions

We release patches for security vulnerabilities in the following versions:

Version Supported
1.x.x

Reporting a Vulnerability

We take the security of our portfolio project seriously. If you discover a security vulnerability, please follow these steps:

How to Report

  1. DO NOT open a public GitHub issue for security vulnerabilities
  2. Send an email to contact@gustavoanjos.com with the subject line "Security Vulnerability Report"
  3. Include the following information in your report:
    • Description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact
    • Suggested fix (if you have one)

What to Expect

  • Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
  • Initial Response: We will provide an initial response within 5 business days
  • Updates: We will keep you informed about our progress throughout the investigation
  • Resolution: We aim to resolve security issues within 30 days of the initial report

Scope

This security policy applies to:

  • The main portfolio application
  • Build and deployment scripts
  • Dependencies and third-party packages

Out of Scope

The following are considered out of scope:

  • Social engineering attacks
  • Physical attacks
  • Attacks requiring physical access to user devices
  • Issues in third-party services not directly controlled by this project

Security Best Practices

We follow these security practices:

  • Regular dependency updates
  • Secure coding practices
  • Input validation and sanitization
  • Protection against common web vulnerabilities (XSS, CSRF, etc.)
  • Secure deployment configurations

Recognition

We appreciate security researchers who help keep our project safe. With your permission, we will:

  • Acknowledge your contribution in our release notes
  • Credit you in our security acknowledgments

Legal

We will not pursue legal action against security researchers who:

  • Follow responsible disclosure practices
  • Do not access or modify user data
  • Do not perform attacks that could harm users or systems
  • Report vulnerabilities in good faith

Thank you for helping keep our project and users safe!

Contact

For any security-related questions or concerns, please contact:
