We actively maintain and provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
- Email: Send details to
security@toddagriscience.com - Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if known)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Target 30 days for critical issues
- Acknowledgment: We'll confirm receipt of your report
- Investigation: Our team will investigate and assess the issue
- Resolution: We'll work on a fix and coordinate disclosure
- Credit: With your permission, we'll credit you in our security advisories
- Dependencies: Keep dependencies updated via Dependabot
- Environment Variables: Never commit sensitive data
- Authentication: Use secure authentication patterns
- Input Validation: Sanitize all user inputs
- HTTPS: Always use HTTPS in production
- Environment Isolation: Separate dev/staging/production environments
- Access Control: Implement least-privilege access
- Monitoring: Monitor for suspicious activities
- Backups: Regular secure backups
- Updates: Keep all systems updated
- Content Security Policy: Configured for XSS protection
- HTTPS Enforcement: Strict transport security
- Input Sanitization: All user inputs are validated
- Dependency Scanning: Automated vulnerability scanning
- Environment Separation: Clear dev/prod boundaries
- Rate Limiting: API rate limiting implementation
- Authentication: Secure user authentication system
- Audit Logging: Comprehensive security event logging
- Penetration Testing: Regular security assessments
We follow responsible disclosure practices:
- Private Reporting: Initial reports remain confidential
- Coordinated Disclosure: Public disclosure after fix deployment
- Security Advisories: GitHub Security Advisories for transparency
- CVE Assignment: For significant vulnerabilities
- Security Team: security@toddagriscience.com
- General Support: support@toddagriscience.com
- Emergency: For critical security issues, mark email as "URGENT SECURITY"
Thank you for helping keep Todd Agriscience secure!