If you discover a security vulnerability in Argus Observe Rules, please report it privately to maintain responsible disclosure.
Create a private security advisory on GitHub:
- Go to the Security tab in this repository
- Click "Report a vulnerability"
- Fill out the advisory form with details
If GitHub security advisories are not available, contact the maintainers directly with:
- Clear description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Suggested remediation if known
- Avoid patterns that could expose sensitive data in logs
- Test rules against malicious code to prevent exploitation
- Ensure rules do not introduce denial of service risks
- Never include real credentials or sensitive data in test cases
- Use clearly fake/example data in test files
- Avoid patterns that could be used to extract information
Security updates are provided for:
- Latest main branch
- Current release versions
- Vulnerability assessment and validation
- Fix development and testing
- Security advisory publication
- Coordinated release with fix
- Community notification
Thank you for helping keep Argus Observe Rules secure.