Skip to content

Security: TeslenkoPavlo/SE-practice

Security

Security.md

Security Policy

Thank you for helping us keep our project secure. This document outlines our security practices and provides guidance for reporting potential vulnerabilities.

Contact Information

If you discover a security vulnerability, please contact us via email: teslenkopasha5@gmail.com. We currently do not provide a separate PGP key.

Reporting Timeline

We aim to acknowledge and respond to all reports within 7–14 business days. Your cooperation in providing clear and detailed information is greatly appreciated.

Scope

This security policy applies to the client-side web application developed for the “Open Day Navigator” project, which includes:

  • All HTML, CSS, and JavaScript code hosted on GitHub Pages.
  • Features related to the navigation functionality, including GPS-based location tracking, directional guidance, and user interface elements.
  • Visual and interactive components such as animations and the futuristic design.

Note: Third-party services (e.g., Google Maps links) and any external libraries are not included in this scope. Please refrain from testing or probing these external services.

Vulnerability Disclosure

We follow a coordinated disclosure process:

  • Responsible Reporting: We request that you share vulnerability details with us privately. Do not publicly disclose any vulnerability information until we have had the opportunity to address it.
  • Investigation & Resolution: Once a report is received, we will investigate and, if validated, work on an appropriate fix. Due to the academic and experimental nature of this project, fixes will be applied as promptly as possible.
  • No Bounty Program: Please note that there is no formal bug bounty program associated with this project.

Testing Guidelines

We ask that all security testing be conducted responsibly and without impacting the availability or functionality of the application for other users. Unauthorized testing, including any attempt to perform denial-of-service (DoS) attacks or other disruptive actions, is strictly prohibited.

Thank You

Your efforts to help secure our project are invaluable. We appreciate your commitment to improving the security and reliability of our application.

There aren’t any published security advisories