title |
---|
Security Policy |
Security threats and vulnerabilities affect everyone using R-multiverse. Issues may include (but are not limited to):
- Unauthorized access to https://github.com/r-multiverse or its repositories.
- Malicious attempts to inundate https://github.com/r-multiverse/contributions/pulls with pull requests.
- Other denial of service (DoS) attacks on the R-multiverse bot or other infrastructure.
Please help keep R-multiverse operational. In the event of publicly visible malicious behavior, such as a DoS attack on https://github.com/r-multiverse/contributions/pulls, please:
- Report abuse or spam through GitHub.
- Open an issue at https://github.com/r-multiverse/help to inform R-multiverse administrators.
If you notice a vulnerability that an attacker could potentially exploit, please report it privately. Confidentiality helps fix the problem before most attackers even know about it. After remediation, R-multiverse administrators will open an issue at https://github.com/r-multiverse/help to inform community about the vulnerability and its resolution.
The steps to privately report vulnerabilities are:
- Navigate to https://github.com/r-multiverse/help/security.
- Under "Private vulnerability reporting", click "Report a vulnerability".
- Describe the issue in the advisory details form.
- At the bottom, click "Submit report". GitHub will then add you as a collaborator on the proposed security advisory you created.