|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Supported Versions |
| 4 | + |
| 5 | +Currently, all versions of the Enterprise Taskflow are being supported with security updates. |
| 6 | + |
| 7 | +| Version | Supported | |
| 8 | +| ------- | ------------------ | |
| 9 | +| 1.0.x | :white_check_mark: | |
| 10 | +| < 1.0 | :x: | |
| 11 | + |
| 12 | +## Reporting a Vulnerability |
| 13 | + |
| 14 | +We take the security of our Enterprise Taskflow seriously. If you believe you've found a security vulnerability, please follow these steps: |
| 15 | + |
| 16 | +### How to Report |
| 17 | +1. **Do NOT create a public issue** for security vulnerabilities |
| 18 | +2. Email security reports to: [[email protected]] |
| 19 | +3. Include detailed information about the vulnerability |
| 20 | +4. Provide steps to reproduce if possible |
| 21 | + |
| 22 | +### What to Include |
| 23 | +- Description of the vulnerability |
| 24 | +- Potential impact |
| 25 | +- Steps to reproduce |
| 26 | +- Suggested fix (if any) |
| 27 | +- Your contact information |
| 28 | + |
| 29 | +### Response Timeline |
| 30 | +- **Initial Response**: Within 48 hours |
| 31 | +- **Assessment**: Within 5 business days |
| 32 | +- **Fix Development**: Dependent on complexity |
| 33 | +- **Public Disclosure**: After fix is deployed |
| 34 | + |
| 35 | +### Scope |
| 36 | +This security policy covers: |
| 37 | +- Client-side JavaScript code |
| 38 | +- Input validation mechanisms |
| 39 | +- Data sanitization processes |
| 40 | +- Cross-site scripting (XSS) prevention |
| 41 | +- Mathematical operation safety |
| 42 | + |
| 43 | +### Out of Scope |
| 44 | +- Styling/CSS issues |
| 45 | +- Feature requests |
| 46 | +- General bug reports (use Issues tab instead) |
| 47 | + |
| 48 | +## Security Measures |
| 49 | + |
| 50 | +Our calculator implements several security features: |
| 51 | + |
| 52 | +### Input Sanitization |
| 53 | +- All user inputs are validated and sanitized |
| 54 | +- Mathematical expressions are safely evaluated |
| 55 | +- No external API calls or data transmission |
| 56 | + |
| 57 | +### Client-Side Security |
| 58 | +- No sensitive data storage |
| 59 | +- All operations occur locally in browser |
| 60 | +- No external dependencies |
| 61 | + |
| 62 | +### Safe Evaluation |
| 63 | +- Custom expression parser for mathematical operations |
| 64 | +- Domain validation for all mathematical functions |
| 65 | +- Error boundary implementation |
| 66 | + |
| 67 | +## Updates and Patches |
| 68 | + |
| 69 | +Security updates will be: |
| 70 | +- Released as soon as possible |
| 71 | +- Clearly documented in release notes |
| 72 | +- Backported to supported versions |
| 73 | + |
| 74 | +## Acknowledgments |
| 75 | + |
| 76 | +We thank the security researchers and users who help us keep the Scientific Calculator secure. |
0 commit comments