Security: UPENN-PNGC/.github

Security Policy

Supported Versions

Please refer to individual repository documentation for information about which versions are currently being supported with security updates.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability within any UPENN-PNGC project, please report it to us privately:

How to Report

  1. Email: Send details to the repository maintainers (contact information can be found in the specific repository)
  2. Include:
    • Description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact
    • Any suggested fixes (if available)

What to Expect

  • Acknowledgment: We will acknowledge receipt of your vulnerability report within a week (please make allowances for the slow pace of academia).
  • Updates: We will keep you informed about the progress of addressing the vulnerability
  • Timeline: We aim to address critical vulnerabilities within 30 days
  • Credit: With your permission, we will acknowledge your contribution in the fix announcement

Security Best Practices

When working with UPENN-PNGC projects:

  • Keep dependencies up to date
  • Use strong authentication methods
  • Follow the principle of least privilege
  • Protect sensitive data and credentials
  • Review code for common vulnerabilities
  • Use secure coding practices

Disclosure Policy

  • We follow responsible disclosure practices
  • Security fixes will be released as soon as possible
  • Details of vulnerabilities will be disclosed after a fix is available

Additional Resources

Thank you for helping keep UPENN-PNGC projects secure!
