At OWASP Nettacker, we take security seriously. This document outlines our security policy, including how to report vulnerabilities, our responsible disclosure process, and how we handle security issues.
We provide security updates for the following versions of OWASP Nettacker:
- Latest Release: The most recent stable release.
- Current Master Branch: The latest development version on the master branch.
Older versions may not receive security updates. We strongly recommend that users upgrade to the latest version.
If you discover a security vulnerability in OWASP Nettacker, we appreciate your help in disclosing it responsibly. Here’s how you can report it:
- You can report the vulnerability by creating a GitHub Security Advisory: OWASP Nettacker Security Page
- Follow the prompts to submit a private security advisory.
- We will acknowledge your report and work with you to establish a timeline for addressing the vulnerability.
- Once the issue is fixed, we will release a patch and publicly disclose the vulnerability, crediting you (unless you prefer to remain anonymous).
- Triage: The Project Leaders will review the report and assess the severity of the vulnerability.
- Fix Development: A fix will be developed and tested for the vulnerability.
- Release: A patched version of OWASP Nettacker will be released.
- Disclosure: The vulnerability will be publicly disclosed, including credits to the reporter.
For general inquiries or non-security-related issues, you can contact the project leaders:
- Project Page: OWASP Nettacker Project Page
- GitHub Issues: OWASP Nettacker Issues
- Slack/Discord: Join the OWASP Slack workspace and find us in the #project-nettacker channel.
For security-related issues, please use the private disclosure methods described above.