Security: MASTFramework/mastf

SECURITY.md

Security Policy

The MAST-F project is committed to ensuring the security and integrity of the framework and the data it handles. This security policy outlines the guidelines and procedures to be followed by all contributors, maintainers, and users of MAST-F to maintain a secure environment.

Supported Versions

Version Supported
< 1.0.0

Reporting Security Issues

If you discover any security vulnerabilities, weaknesses, or potential threats in MAST-F, we encourage you to report them to us as soon as possible. Please follow responsible disclosure practices and do not disclose or exploit any security issues publicly until they have been addressed.

To report a security issue, please send an email to security-mastf[at]proton.me. Include a detailed description of the vulnerability or issue, any steps to reproduce it, and any other relevant information that can assist in understanding and addressing the problem. In addition, you can open an issue with the security label to inform us about a possible security issue.

Responsible Disclosure

We request that you follow responsible disclosure practices when reporting security issues to us. This helps protect the users of MAST-F and provides an opportunity for us to address and mitigate vulnerabilities effectively.

Please give us a reasonable amount of time to investigate and address the reported issue before making it public or sharing it with others.

We ask that you do not attempt to exploit or compromise the security of MAST-F or its users while investigating the reported issue.

When reporting a vulnerability, please provide sufficient information to reproduce and understand the issue, but do not share any confidential or sensitive information of others.

Security Measures

MAST-F takes several measures to ensure the security and privacy of its users and the data processed within the framework. These measures include:

  • Secure Authentication: MAST-F employs authentication mechanisms that are currently considered secure to protect user accounts and prevent unauthorized access.
  • Role-based Access Control: Different roles are assigned to users with varying privileges to limit access to sensitive functionalities and data.
  • Third-Party Libraries and Dependencies: The project carefully selects and updates third-party libraries and dependencies to ensure they are secure and up-to-date.

Acknowledgments

We greatly appreciate the security researchers and contributors who responsibly report security issues and help improve the security of MAST-F. We will acknowledge and credit individuals or organizations for their valuable contributions, subject to their consent and agreement with our disclosure policy.

Contact

If you have any questions, concerns, or suggestions regarding the security of MAST-F, please contact us at security-mastf[at]proton.me.

There aren’t any published security advisories