Security Policy
Supported Versions
The following versions of BBMRI-ERIC Negotiator receive security updates:
| Version | Supported |
|---|---|
| 3.x.x | ✅ Yes |
| 2.x.x | ❌ No |
If you are using an unsupported version, please upgrade to receive security patches.
Reporting a Vulnerability
Security is a top priority for BBMRI-ERIC Negotiator. If you discover a vulnerability, please report it responsibly by following these guidelines:
- Do not disclose vulnerabilities publicly, including in GitHub Issues or on forums.
- Instead, report vulnerabilities via email: negotiator@helpdesk.bbmri-eric.eu.
- Provide a detailed description, including steps to reproduce, affected versions, and any potential impact.
- We will acknowledge receipt of your report within 48 hours and provide a resolution timeline.
Security Best Practices
To maintain a secure environment, we follow these principles:
- Secure coding practices and dependency scanning tools.
- Regular security audits and reviews.
- Avoidance of hardcoded secrets or sensitive data in repositories.
Responsible Disclosure
We appreciate responsible security research and will publicly acknowledge verified vulnerabilities and contributors in release notes where appropriate.
Thank you for helping us keep BBMRI-ERIC Negotiator secure!