At Open Source & Security Africa (OSSAfrica), security is at the core of our mission. We are committed to ensuring the security and integrity of our projects and take all reports of security vulnerabilities seriously.
If you discover a security vulnerability in any OSS-Africa project, please report it responsibly by following these steps:
- Do not disclose the vulnerability publicly until it has been addressed
- Create a private security advisory in the affected repository, or
- Contact the maintainers directly through GitHub's private messaging
To help us understand and address the issue efficiently, please provide:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any suggestions for remediation (if available)
When you report a vulnerability:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: Our team will assess the vulnerability and determine its severity
- Resolution: We will work on a fix and keep you informed of our progress
- Disclosure: Once resolved, we will coordinate with you on responsible disclosure
As a community focused on security, we encourage all contributors to:
- Follow secure coding practices
- Keep dependencies up to date
- Report potential security issues promptly
- Participate in security reviews when requested
This security policy applies to all repositories maintained by the OSS-Africa organization on GitHub.
We appreciate security researchers and community members who help improve the security of our projects. Contributors who report valid security issues may be acknowledged in our release notes (with their permission).
Thank you for helping keep OSS-Africa and the broader open source community secure!