Security: spire-labs/preconfirmation-registry

Security

SECURITY.md

Security Policies and Procedures

This document outlines the security procedures and policies for Spire Labs to ensure the protection of our products, users, and community.


Reporting a Vulnerability

The Spire Labs team takes security issues seriously and appreciates the efforts of security researchers in responsibly disclosing vulnerabilities.

If you discover a security vulnerability, please report it as soon as possible via security@spire.dev.

What to Include in Your Report

To help us triage and respond effectively, please include:

  • A clear and concise description of the issue.
  • Steps to reproduce (proof of concept, screenshots, or logs if applicable).
  • The affected product, service, or version.

Response Timeline

  • Acknowledgment: Within 48 hours, we will confirm receipt of your report.
  • Initial Analysis: Within 48 hours, we will assess and determine the severity of the issue.
  • Resolution & Disclosure: We will coordinate a fix and inform you of the next steps. We will keep you updated on progress.

If you find security issues in third-party dependencies used by Spire Labs, we recommend reporting them directly to the maintainers of those projects.


Disclosure Policy

Upon receiving a valid security report, the Spire Labs security team will:

  1. Confirm the vulnerability and determine the scope of impact.
  2. Assign a primary handler responsible for coordinating a resolution.
  3. Assess risk level and identify affected versions.
  4. Audit related code for similar vulnerabilities.
  5. Develop a patch or fix as quickly as possible.
  6. Communicate with the reporter regarding progress and expected timelines.
  7. Coordinate a responsible disclosure, balancing user protection and transparency.

We will provide coordinated disclosure to allow affected users to apply security patches before full public disclosure.


Security Updates & Fixes

  • Fixes will be issued for all currently supported versions.
  • Older versions may not receive patches unless explicitly stated in our maintenance policy.
  • Critical security updates will be prioritized and fast-tracked for release.

If applicable, we will publicly disclose security fixes in release notes and security advisories.


Comments on this Policy

We welcome feedback! If you have suggestions to improve our security process, please submit a pull request to this repository.

Thank you for helping to improve security at Spire Labs and the wider ecosystem!

There aren’t any published security advisories