Security Policy

Reporting a Vulnerability

If you discover any security-related issues or vulnerabilities in ONLang, please follow these steps to report them responsibly:

  1. Do not create a public GitHub issue. Security vulnerabilities should be reported privately.

  2. Email the details to [email protected]. Please include a thorough description of the issue, steps to reproduce it, and any additional information that might be relevant.

  3. Allow some time for the maintainers to assess and address the vulnerability.

Security Best Practices

To enhance the security of your ONLang scripts and applications, consider the following best practices:

  1. Avoid Hardcoding Sensitive Information:

    • Do not hardcode sensitive information (e.g., API keys, passwords) directly into your ONLang scripts or configuration files.
  2. Secure External System Integration:

    • When interacting with external systems (e.g., Qualtrics, Salesforce), ensure secure handling of authentication tokens, credentials, and sensitive data.
  3. Regularly Update Dependencies:

    • Keep ONLang and its dependencies up to date to benefit from security patches and improvements.
  4. Validate User Input:

    • If your ONLang scripts accept user input, validate and sanitize the input to prevent potential security vulnerabilities like injection attacks.
  5. Audit Object Creation:

    • Regularly review and audit the ONLang scripts for object creation, ensuring that the generated objects adhere to the intended security policies.

License

ONLang is open-source software released under the MIT License. By using or contributing to this project, you agree to abide by its terms.