The MITRE SAF team takes security seriously. If you discover a security vulnerability in the SAF Site, please report it responsibly.
- Email: saf-security@mitre.org
- GitHub: Use the Security tab to report vulnerabilities privately
When reporting security issues, please provide:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if you have one)

## Response Timeline

- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Fix Timeline: Varies by severity

## Security Best Practices

- Keep Updated: Use the latest version of the site
- Verify Links: Check that profile links point to official MITRE repositories
- Dependency Scanning: Check for vulnerable dependencies regularly
- No Credentials: Never commit API keys, passwords, or tokens
- Input Validation: Sanitize all user inputs in components
- Test Changes: Run tests before submitting PRs

## Supported Versions

| Version | Supported |
|---|---|
| Latest | ✅ Yes |

## Security Checks

```bash
# Check for vulnerable dependencies
pnpm audit
# Run tests
pnpm test:run
```

## Security Considerations

- This is a static site with no server-side code
- All content is pre-rendered at build time
- No user authentication or data storage in production
- Pocketbase is used only during development and build
  - Not exposed in production deployment
  - Default credentials are for local development only
- Profile links point to external GitHub repositories
  - Users should verify repository authenticity before use
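The "Verify Links" practice and the note on profile links above can be automated. The following is an added example, not code from the SAF Site project; it assumes official profiles live under the `mitre` GitHub organization (an assumption, adjust the allowlist to your own orgs) and flags links that are GitHub but not allowlisted, as well as lookalike hosts and userinfo tricks that visually resemble github.com.

```javascript
// Added example (not part of the SAF Site): classify GitHub links found in
// page content so unofficial or lookalike profile links stand out in review.
// Assumption: official SAF profiles are under github.com/mitre.
const OFFICIAL_ORGS = new Set(['mitre']);

// Matches http(s) URLs up to whitespace or markdown/HTML delimiters.
const URL_RE = /https?:\/\/[^\s)<>"']+/g;

// Verdicts: official | unofficial | lookalike | other | invalid
function classifyLink(rawUrl, officialOrgs = OFFICIAL_ORGS) {
  let u;
  try { u = new URL(rawUrl); } catch { return 'invalid'; }
  // https://github.com@example.net/... parses "github.com" as userinfo, so
  // treat any credentials in a link as a disguise attempt.
  if (u.username || u.password) return 'lookalike';
  const host = u.hostname.toLowerCase();
  if (host !== 'github.com') {
    // github.com.example.net and similar imitate the real host.
    return host.includes('github') ? 'lookalike' : 'other';
  }
  const owner = u.pathname.split('/').filter(Boolean)[0];
  return owner && officialOrgs.has(owner.toLowerCase()) ? 'official' : 'unofficial';
}

// Scan text and return every link that is neither official nor plainly a
// non-GitHub site (those are out of scope for this check).
function findSuspiciousLinks(text, officialOrgs = OFFICIAL_ORGS) {
  const findings = [];
  for (const link of text.match(URL_RE) ?? []) {
    const verdict = classifyLink(link, officialOrgs);
    if (verdict !== 'official' && verdict !== 'other') findings.push({ link, verdict });
  }
  return findings;
}

// Constructed sample markdown, not real site content.
const SAMPLE = `
- [SAF CLI](https://github.com/mitre/saf)
- [Profile](https://github.com/MITRE/aws-foundations-cis-baseline)
- [Docs](https://saf.mitre.org/)
- [Mirror](https://github.com/some-fork/saf)
- [Typo](https://github.com.example.net/mitre/saf)
- [Trick](https://github.com@example.net/mitre/saf)
`;

for (const f of findSuspiciousLinks(SAMPLE)) console.log(f.verdict, f.link);
```

Running the block prints the mirror as `unofficial` and the last two links as `lookalike`; the official and non-GitHub links are silent.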