Security: nxtbn-com/nxtbn

.github/SECURITY.md

🕵️‍♂️ Important Notice for Reporting Security Vulnerabilities

To report a security vulnerability, do not use public GitHub issues. Instead, use one of the following secure channels:

  1. GitHub Security Advisories: Submit a report

Confidentiality

We prioritize your privacy. All reports will be treated with the utmost confidentiality, and we will not share your information without your permission.

Resolution and Feedback

Upon receiving your report, we will acknowledge it and begin our investigation. You will be notified of our findings and the steps taken to resolve the issue. If appropriate, we will credit you for your contribution in our public announcements.

Please note that we do not currently offer a bounty program and therefore cannot provide monetary rewards for identifying security vulnerabilities. However, we will publicly acknowledge your role as the original source of the report when we announce a fix.

🔒 Security Guidelines for nxtbn

Welcome to the security guidelines for Next Billion Native Commerce (nxtbn). This document outlines best practices for ensuring the security of your nxtbn deployment, as well as procedures for reporting security vulnerabilities.

🛡️ Security Best Practices

To maintain a secure environment, please follow these best practices:

  • Regular Updates: Keep your nxtbn installation, dependencies, and server operating systems up to date. This ensures you have the latest security patches and features.

  • Secure Configurations: Configure your servers and applications with security in mind. Use strong passwords, disable unused services, and employ firewalls and other security measures.

  • Role-Based Access Control (RBAC): Assign appropriate permissions to users based on their roles and responsibilities. Follow the principle of least privilege to minimize potential security risks.

  • Secure Communication: Use encrypted communication protocols such as HTTPS and SSL/TLS to protect data in transit. Ensure that your certificates are valid and not expired.

  • Data Encryption: Encrypt sensitive data at rest, such as user credentials and payment information. Use secure key management practices to protect encryption keys.

  • Backup and Disaster Recovery: Implement regular backups and disaster recovery plans to protect against data loss or system failures.

  • Security Audits: Conduct regular security audits to identify potential vulnerabilities and improve overall security posture.

  • User Education: Educate your team about security best practices, including how to identify phishing attempts and other common threats.

💡 Additional Resources

For more information on securing your nxtbn deployment, refer to the following resources:

If you have any security-related questions or concerns, please contact us at security@bytenyx.com.


Thank you for helping us keep nxtbn secure. Together, we can ensure a safe and reliable platform for everyone. 🔐

There aren’t any published security advisories