The following versions of the VASP DOS Plotter are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security vulnerability in the VASP DOS Plotter, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: zfard@iastate.edu

When reporting a vulnerability, please include:
- Description: A clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact: The potential impact of the vulnerability
- Environment: Your operating system, Python version, and package versions
- Proof of Concept: If possible, provide a minimal example that demonstrates the issue

- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial Assessment: We will provide an initial assessment within 1 week
- Resolution: We will work to resolve the issue as quickly as possible, typically within 30 days

- We will keep you informed of our progress
- We will credit you in our security advisories (unless you prefer to remain anonymous)
- We will work with you to ensure the vulnerability is properly addressed

- Keep Dependencies Updated: Regularly update your Python packages
- Use Virtual Environments: Always use virtual environments to isolate dependencies
- Validate Input Files: Only use trusted DOS files from reliable sources
- Review Code: If using the source code, review it before execution

- Input Validation: Always validate user input and file contents
- Error Handling: Implement proper error handling to avoid information disclosure
- Dependencies: Keep dependencies updated and review security advisories
- Code Review: All code changes should be reviewed for security implications

- The application reads DOS files from the filesystem
- Always validate file contents before processing
- Be cautious with files from untrusted sources

- The application uses tkinter for the GUI
- No network communication is performed
- All processing is done locally

- We use well-maintained scientific Python packages
- Dependencies are regularly updated
- Security advisories are monitored

Security updates will be released as patch versions (e.g., 1.0.1, 1.0.2) and will be clearly marked in the changelog.

For security-related questions or concerns, please contact:
- Email: zfard@iastate.edu
- GitHub: @zfard

We thank the security researchers and community members who help us keep the VASP DOS Plotter secure.