The CU-DBMI maintainers and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
General security incident procedures for projects found here are managed through the University of Colorado's Office of Information Security incident report process. Please see that the linked materials for more detail on how to proceed more broadly.
We also follow a University HIPAA Policy regarding data used by some of our projects. Please use the following special link for HIPAA related security incidents.
Besides the above, we require the following for projects:
- Private keys, passwords, and credentials must never be committed into source control.
- Data checked into source control must not include sensitive or personally identifiable information (PII).
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab within the related a related project.
If you don't find the relevant project link within the related repository, please use the link below which will open a security report through this .github repository (see below).