- Secure Credentials: Users must ensure their account credentials are kept secure at all times. This includes using strong, unique passwords and keeping all access credentials confidential. Passwords must not be shared, stored, or written down in any insecure manner.
- Integrity of Data and Systems: Users must take necessary precautions to ensure the integrity of research data and prevent unauthorized access to or alteration of data and system configurations.
- Endpoint Security: Users are responsible for ensuring that any device used to access the HPC environment is secured against unauthorized access and free of malware. This includes keeping operating systems and applications up to date with regular security patches.
- Incident Reporting: Any suspected security incident or unusual activity must be reported immediately to the cluster administrator or IT security team. This includes, but is not limited to, any unauthorized access attempts, loss of credentials, data loss, or unusual system behavior.

If you believe you have found a security vulnerability in any Star HPC-owned repository, please report it to us through coordinated disclosure.
Do not report security vulnerabilities through public issues, discussions, or pull requests.
Instead, please send an email to starhpc[@]hofstra.edu.
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code, if available
- Impact of the issue, including how an attacker might exploit the issue