If you discover any security-related issues or vulnerabilities in ONLang, please follow these steps to report them responsibly:
- Do not create a public GitHub issue. Security vulnerabilities should be reported privately.
- Email the details to [email protected]. Please include a thorough description of the issue, steps to reproduce it, and any additional information that might be relevant.
- Allow some time for the maintainers to assess and address the vulnerability.

To enhance the security of your ONLang scripts and applications, consider the following best practices:

- Avoid Hardcoding Sensitive Information:
  - Do not hardcode sensitive information (e.g., API keys, passwords) directly into your ONLang scripts or configuration files.
- Secure External System Integration:
  - When interacting with external systems (e.g., Qualtrics, Salesforce), ensure secure handling of authentication tokens, credentials, and sensitive data.
- Regularly Update Dependencies:
  - Keep ONLang and its dependencies up-to-date to benefit from security patches and improvements.
- Validate User Input:
  - If your ONLang scripts accept user input, validate and sanitize the input to prevent potential security vulnerabilities like injection attacks.
- Audit Object Creation:
  - Regularly review and audit the ONLang scripts for object creation, ensuring that the generated objects adhere to the intended security policies.

ONLang is open-source software released under the MIT License. By using or contributing to this project, you agree to abide by its terms.