If you discover any security-related issues or vulnerabilities in onst-schemastore, please follow these steps to report them responsibly:

- Do not create a public GitHub issue. Security vulnerabilities should be reported privately.
- Email the details to krajat4@gmail.com. Please include a thorough description of the issue, steps to reproduce it, and any additional information that might be relevant.
- Allow some time for the maintainers to assess and address the vulnerability.

To enhance the security of your onst-schemastore scripts and applications, consider the following best practices:

- Avoid Hardcoding Sensitive Information:
  - Do not hardcode sensitive information (e.g., API keys, passwords) directly into your onst-schemastore scripts or configuration files.
- Secure External System Integration:
  - When interacting with external systems (e.g., Qualtrics, Salesforce), ensure secure handling of authentication tokens, credentials, and sensitive data.
- Regularly Update Dependencies:
  - Keep onst-schemastore and its dependencies up to date to benefit from security patches and improvements.
- Validate User Input:
  - If your onst-schemastore scripts accept user input, validate and sanitize the input to prevent potential security vulnerabilities like injection attacks.
- Audit Object Creation:
  - Regularly review and audit the onst-schemastore scripts for object creation, ensuring that the generated objects adhere to the intended security policies.

onst-schemastore is open-source software released under the MIT License. By using or contributing to this project, you agree to abide by its terms.