Security: ayush-that/FinVeda

security.md

Security Policy

Supported Versions

We take security seriously and aim to promptly address any issues. Here is the current status of our support for various versions of the website.

Version Supported
v1.x.x
v0.x.x

Reporting a Vulnerability

If you believe you've discovered a security vulnerability on our financial literacy website, please follow the steps below to report it.

1. Do not disclose publicly

Please do not publicly disclose the vulnerability until we have had the opportunity to investigate and resolve it.

2. Send an email

Contact our security team at [email protected] with the following details:

  • A description of the vulnerability and its impact.
  • Steps to reproduce the vulnerability.
  • Any additional information that may help us understand the scope and potential threat.

3. Response Time

We will acknowledge your report within 48 hours and aim to provide a response with further details within 5 business days. You can expect:

  • An assessment of the issue.
  • Steps we will take to mitigate the risk.
  • A timeline for the resolution.

4. Bounty Program (if applicable)

If your report leads to a code or configuration change that improves the security of the website, we may offer a bounty as a token of our appreciation. Please inquire in your report if you are interested in this program.

Scope

The following areas of the website are in scope for security testing:

  • User authentication and authorization
  • Financial data handling and transactions
  • API endpoints
  • Payment systems (if applicable)
  • User data protection mechanisms

The following areas are out of scope:

  • Third-party applications integrated with the website
  • Denial of Service (DoS) attacks
  • Physical security vulnerabilities

Security Updates

We will regularly update users about any major security updates and patches through our website and email notifications.

Thank you for helping us keep our platform safe for everyone.

There aren’t any published security advisories