SECURITY.md

SciFY Security Policy

This policy outlines SciFY's security commitments and practices for users across different licensing and deployment models.

To learn more about SciFY's security service level agreements (SLAs) and processes, please contact us.

SciFY Network Users

  • Security SLA: SciFY typically addresses vulnerabilities in the SciFY Network according to the following guidelines:
    • Critical: Typically addressed within 7 days.
    • High: Typically addressed within 30 days.
    • Medium: Typically addressed within 90 days.
    • Low: Typically addressed within 180 days.
    • Informational: Addressed as necessary.
      These timelines are targets and may vary based on specific circumstances.
  • Release Schedule: Updates are deployed to the SciFY Network as vulnerabilities are resolved.
  • Version Support: The SciFY Network always runs the latest version, ensuring up-to-date security fixes.

SciFY Enterprise License Customers

  • Security SLA: SciFY addresses vulnerabilities based on their severity:
    • Critical: Typically addressed within 14 days.
    • High: Typically addressed within 30 days.
    • Medium: Typically addressed within 90 days.
    • Low: Typically addressed within 180 days.
    • Informational: Addressed as necessary.
      These timelines are targets and may vary based on specific circumstances.
  • Release Schedule: Updates are made available as vulnerabilities are resolved. SciFY works closely with enterprise customers to ensure timely updates that align with their operational needs.
  • Version Support: SciFY may provide security support for multiple versions, depending on the terms of the enterprise agreement.

Apache 2.0 License Users

  • Security SLA: SciFY does not provide a formal SLA for security issues under the Apache 2.0 License.
  • Release Schedule: Releases prioritize new functionality and include fixes for known security vulnerabilities at the time of release. While major releases typically occur one to two times per year, SciFY does not guarantee a fixed release schedule.
  • Version Support: Security patches are only provided for the latest release version.

Reporting a Vulnerability

For details on how to report security vulnerabilities, please open an issue on GitHub, or contact us.