The RedDevs team takes the security of our platform seriously. We appreciate your efforts to responsibly disclose any security vulnerabilities you may find.

If you believe you've discovered a security vulnerability in RedDevs, please follow these steps:

1. Do not disclose the vulnerability publicly until it has been addressed by our team.
2. Send details of the vulnerability to [email protected] including:
   • A description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact of the vulnerability
   • Any suggestions for remediation if available

We will acknowledge receipt of your vulnerability report within 48 hours and provide a more detailed response within 5 business days, indicating the next steps in handling your submission.

Once a vulnerability is reported and confirmed, we follow these steps:

1. Confirm receipt of the vulnerability report
2. Assess the severity and impact
3. Develop and test a fix
4. Release a security update
5. Notify users about the vulnerability and update

We currently provide security updates for the following versions of RedDevs:

RedDevs implements several security measures to protect user data and ensure platform integrity:

• Secure password handling with bcrypt hashing
• Email verification for new accounts
• Magic Link authentication option
• Password recovery system with secure token management

• HTTPS for all communications
• PostgreSQL database with secure configurations
• Environment-based configuration for sensitive data (via .env files)
• Input validation and sanitization

• Regular updates of dependencies to patch known vulnerabilities
• Security audits of third-party packages

If you're contributing to RedDevs, please follow these security best practices:

1. Never commit sensitive information such as API keys, passwords, or tokens to the repository
2. Use environment variables (see .env.example) for configuration
3. Validate and sanitize all user inputs
4. Follow the principle of least privilege when designing new features
5. Write tests that cover security-critical paths

We'd like to thank all security researchers and community members who have helped improve RedDevs' security. Contributors who report valid security issues will be acknowledged (with their permission) once the issue has been resolved.

This security policy is subject to change. Last updated: 2025-07-01