Security
nh916 edited this page May 10, 2023 · 6 revisions
It is important to write secure, good-quality code to keep our package free of vulnerabilities.
Within the pull request review process, developers are encouraged to look for any security issues or vulnerabilities in the new code being introduced to the project.
The Python SDK runs workflows that check the code for vulnerabilities and scan its packages for known security vulnerabilities as well.
Lastly, the API also has validation and security checks in place that validate input and output, as another layer of protection.
If you find any security vulnerabilities, please refer to the Python SDK security policy for further information and who to contact.
- Everyone should be using a password manager
  - Bitwarden can be a good option
- Do not use the same password more than once
- Always enable 2FA on every account, even on accounts you rarely use or care less about
  - Authy can be a good option
- Permissions should be granted on a need-to-know basis
  - The well-known principle of least privilege
- For secure communication, please download and use software such as Keybase or Signal
  - Slack, Zoom, and Microsoft Teams are NOT secure ways of communicating
  - DO NOT put anything sensitive, such as a password or authentication token, into Slack or anything else that is insecure
- Emails should only go back 30 days
  - In case of a hack, an intruder can only get their hands on 30 days' worth of emails instead of everything ever sent
- Google phishing practice quiz email training
- Rotate any security keys
- Use a VPN whenever possible
  - Important to prevent anyone from sniffing anything you are doing
- Do not leave a USB device plugged into your computer for no reason
- Apply updates when needed
- It is important to use code scanning tools and dependency scanning tools to be sure our software is secure and does not have any vulnerabilities
- Remove accounts as soon as possible when a person leaves
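The page says the SDK runs workflows that scan both the code and its dependencies, and it asks for least privilege. As an added example, not the project's own workflow file, here is the shape such a scanning workflow can take in GitHub Actions. The tool choice (pip-audit for dependency advisories, bandit for source scanning), the `src` source directory and the Python version are assumptions, since the page does not name the tools the SDK actually uses.

```yaml
# Illustrative GitHub Actions workflow (assumed, not the project's actual
# workflow): dependency scanning with pip-audit and static code scanning
# with bandit, run on every pull request and on a weekly schedule.
name: security-scans

on:
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly, so advisories published between PRs are still caught

# Least privilege for the workflow token: read-only access to the repository.
# Secrets never belong in this file; if a step needs one, reference a
# repository secret instead of pasting a value.
permissions:
  contents: read

jobs:
  dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"   # assumed version
      - name: Install the package and pip-audit
        run: |
          python -m pip install --upgrade pip
          python -m pip install . pip-audit
      # With no arguments pip-audit checks the installed environment against
      # known vulnerability advisories and exits non-zero on any finding,
      # which fails the check on the pull request.
      - name: Audit installed dependencies
        run: pip-audit

  code-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"   # assumed version
      - run: python -m pip install bandit
      # bandit flags common insecure patterns in Python source.
      # "src" is an assumed source directory; -ll reports findings of
      # medium severity and above and fails the job when any are found.
      - name: Static security scan of the source tree
        run: bandit -r src -ll
```

Running the scans on a schedule as well as on pull requests matters because a dependency that was clean when merged can acquire an advisory later; the weekly run surfaces that without waiting for the next code change. The `permissions: contents: read` block is the least-privilege bullet applied to the workflow's own token.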