The following versions of Fast.BI are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | Yes |
| < 1.0 | No |

We take the security of Fast.BI seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
- Email us directly at [email protected]
- Use the subject line: `[SECURITY] Fast.BI Vulnerability Report`
- Include detailed information about the vulnerability
Your report should include:
- Description: A clear description of the vulnerability
- Impact: The potential impact of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Environment: Your environment details (OS, version, etc.)
- Proof of Concept: If possible, include a proof of concept
- Timeline: Any timeline constraints for disclosure
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Depends on complexity and severity
We will assess each reported vulnerability based on:
- Severity: Impact and exploitability
- Scope: Affected components and users
- Complexity: Difficulty of exploitation
- Availability: Public knowledge of the issue
- Regular security audits of dependencies
- Static code analysis in CI/CD pipeline
- Code review requirements for all changes
- Security-focused testing
- Secure deployment practices
- Regular security updates
- Access control and authentication
- Monitoring and alerting
- Encryption at rest and in transit
- Secure credential management
- Access logging and auditing
- Data privacy compliance
- Keep Fast.BI updated to the latest version
- Use strong, unique passwords
- Enable two-factor authentication when available
- Regularly review access permissions
- Monitor for suspicious activity
- Follow secure coding practices
- Never commit sensitive information
- Use security-focused code review
- Report security concerns promptly
- Stay updated on security best practices
- Security patches are released as soon as possible
- Critical vulnerabilities may trigger emergency releases
- All security updates are documented in release notes
- Users are notified of security-relevant updates
- Vulnerabilities are disclosed after patches are available
- Credit is given to security researchers when appropriate
- Public disclosure follows responsible disclosure principles
- CVE numbers are requested for significant vulnerabilities
- Security Issues: [email protected]
- General Support: [email protected]
- Emergency Contact: Available for critical security issues
We thank the security research community for their contributions to making Fast.BI more secure. Responsible disclosure helps us protect our users and improve our platform.
Remember: Security is everyone's responsibility. If you see something, say something!