Security

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

If you discover a security vulnerability in any of the lab implementations or documentation, please report it responsibly.

🚨 For Critical Security Issues

Do NOT open a public GitHub issue
Contact me directly via LinkedIn: www.linkedin.com/in/orisraelche
Include detailed information about the vulnerability
Allow reasonable time for response and remediation

📝 For General Security Improvements

Open a GitHub issue with the label security-enhancement
Suggest improvements to security practices
Propose additional security controls

Security Considerations in Labs

What We Include

✅ Production-ready security configurations
✅ Principle of least privilege implementations
✅ Compliance framework mappings
✅ Cost optimization with security considerations

What We Avoid

❌ Real credentials or sensitive data
❌ Overly permissive configurations
❌ Security anti-patterns
❌ Configurations that could create vulnerabilities

Responsible Disclosure

If you find security issues in the lab implementations:

Assess Impact - Determine if it's a learning issue or actual vulnerability
Report Privately - Use direct contact for serious issues
Provide Details - Include steps to reproduce and potential impact
Allow Response Time - Give reasonable time for remediation

Security Best Practices

When implementing these labs:

Always use dedicated lab/development environments
Never use production credentials
Follow cleanup procedures to avoid unnecessary costs
Review and understand all configurations before implementation

Thank you for helping keep this project secure and educational!

There aren’t any published security advisories