Security

How to report security vulnerabilities

Security Policy

I take security seriously. If you discover a security vulnerability in any of my projects, please report it responsibly.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to the repository owner. You can find contact information on my GitHub profile.

When reporting a vulnerability, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested fixes (if available)

What to Expect

After you submit a report:

  1. Acknowledgment - I will acknowledge receipt of your report within 48 hours
  2. Assessment - I will investigate and assess the severity of the issue
  3. Updates - I will keep you informed of progress toward resolution
  4. Resolution - Once fixed, I will notify you and credit you (if desired)

Scope

This security policy applies to:

Responsible Disclosure

I kindly ask that you:

  • Give me reasonable time to address the issue before public disclosure
  • Avoid accessing or modifying data that does not belong to you
  • Act in good faith to avoid privacy violations and service disruption

Recognition

I appreciate the security research community’s efforts in helping keep projects secure. Contributors who report valid vulnerabilities responsibly may be acknowledged in the project (with their permission).
Thank you for helping keep this project and its users safe.