DO NOT CREATE AN ISSUE to report a security problem. Instead, kindly send an email to security@uncinc.nl.
The security point of contact is Christiaan de Die le Clercq.
In case Christiaan does not respond within a reasonable time, the secondary point of contact is Roderik de Langen.
All users are required to use 2FA within the Unc Inc GitHub organisation.
- Developers will only be granted access to repositories they manage.
- Administrative repo tasks will always be done by administrative users.
We should opt for alternative authentication methods when possible:
- Asymmetric keys for connecting to servers.
- Delegated authentication (SAML, OAuth2, etc).
- Opaque access tokens.
SSH keys should be rolled out selectively, providing developers access to only the servers that they require access to.
We learn about critical software updates and security threats from these sources:
- GitHub Security Alerts
- GitHub: https://status.github.com/ & @githubstatus
This Security Policy is based on npm’s Security Policy.
This document may be reused under a Creative Commons Attribution-ShareAlike License.