From 4c0921c0e98eba41b9c2e54e21865f94ea1f337c Mon Sep 17 00:00:00 2001 From: Nitya Gosain Date: Wed, 11 Feb 2026 22:54:26 +0530 Subject: [PATCH 1/2] Rename SECURITY.md to docs/SECURITY_IMPLEMENTATION.md --- SECURITY.md => docs/SECURITY_IMPLEMENTATION.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename SECURITY.md => docs/SECURITY_IMPLEMENTATION.md (100%) diff --git a/SECURITY.md b/docs/SECURITY_IMPLEMENTATION.md similarity index 100% rename from SECURITY.md rename to docs/SECURITY_IMPLEMENTATION.md From 2e9920f1bd0fb43cdc18a0299b23da4bcd92afe5 Mon Sep 17 00:00:00 2001 From: Nitya Gosain Date: Wed, 11 Feb 2026 22:55:37 +0530 Subject: [PATCH 2/2] Create SECURITY.md --- SECURITY.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..d1b3472d --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,33 @@ +# Security Policy + +AgriTech is committed to ensuring the safety of agricultural data and the integrity of our Flask-based ecosystem. We value the input of security researchers and the open-source community. + +> [!IMPORTANT] +> **Do NOT open a public GitHub issue for security vulnerabilities.** Please follow the private reporting process below. + +## Safe Harbor +Any researcher who follows this policy while reporting a vulnerability will be considered to be in compliance with this policy. We will not initiate legal action against you for research conducted within these boundaries. + +## How to Report +Please report security vulnerabilities privately to the maintainers. + +### Vulnerability Report Template +To help us triage your report quickly, please include: +1. **Title**: Concise summary of the issue. +2. **Impact**: How could this be exploited? (e.g., Data breach, Remote Code Execution). +3. **Affected App**: (e.g., Disease Prediction, Crop Yield App). +4. **Steps to Reproduce**: Minimal steps or a PoC script. +5. **Recommended Fix**: If you have a suggestion for remediation. + +## Scope +This policy applies to all sub-applications within the AgriTech repository, including but not limited to: +* Disease Prediction (File Uploads) +* Crop Recommendation (Input Validation) +* Forum (XSS/Auth) +* All internal Database Migrations + +## 🛠 Security Implementation Reference +For detailed documentation on how we have mitigated SQLi, XSS, and File Upload vulnerabilities, please refer to our **[Security Implementation Guide](docs/SECURITY_IMPLEMENTATION.md)**. + +--- +*AgriTech - Securing the future of farming.*
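Review bot: the "How to Report" section tells researchers to report "privately to the maintainers" but names no channel, so once the `[!IMPORTANT]` callout has forbidden public issues a reporter has nowhere to send the report; add a concrete contact (a dedicated security mailbox, or the repository's private vulnerability reporting form if it is enabled) and state an acknowledgement window, an expected fix timeline and which branches or versions receive fixes. The Safe Harbor paragraph is circular ("Any researcher who follows this policy ... will be considered to be in compliance with this policy"): spell out what the protection covers, e.g. good-faith testing that avoids data destruction, privacy violations and service disruption, and that reporters must not access or retain data beyond what is needed to demonstrate the issue. The link to `docs/SECURITY_IMPLEMENTATION.md` near the end of the hunk only resolves once patch 1/2 has been applied, so the two patches should land together.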
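Review bot: patch 1/2 moves the only `SECURITY.md` out of the repository root, so between that commit and patch 2/2 the repository has no file named `SECURITY.md`, which is the name GitHub looks for when surfacing a security policy; squash the two patches or merge them as one change. Since the rename is reported at 100% similarity with no content edits, also check that any existing links to `SECURITY.md` (README, CONTRIBUTING) are updated to the new `docs/SECURITY_IMPLEMENTATION.md` path.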