Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in iAm, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email: security@iamexplor.ing

Include:

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

Response Timeline

Acknowledgment: Within 48 hours
Initial assessment: Within 1 week
Fix timeline: Depends on severity, typically within 30 days for critical issues

Scope

This policy applies to the iAm platform codebase, including:

Server-side GraphQL API
Client-side React application
Database schema and queries
Authentication and authorization mechanisms

Best Practices for Contributors

Never commit secrets, API keys, or credentials to the repository
Use .env files for all configuration (see .env.example templates)
Follow the principle of least privilege for database access
Validate all user input at system boundaries

There aren't any published security advisories