Security

This SOP guides you through the security practices for Cannlytics. The Cannlytics team takes the security of Cannlytics and the applications created with it seriously. Please report any vulnerabilities directly to admin@cannlytics.com. Please follow industry-best best practices to minimize the risk of introducing a vulnerability.

Reporting vulnerabilities

In the event that you find a vulnerability in the Cannlytics codebase, then please contact the administrator directly at admin@cannlytics.com. Please do not create GitHub issues for security vulnerabilities.

Best practices

Please use the latest version of Cannlytics. We regularly update Cannlytics, and these updates may fix security defects discovered in previous versions. Check the Cannlytics change log for security-related updates.

Please keep your application's dependencies up to date. Avoid pinning to specific versions for your dependencies and, if you do, make sure that you check periodically to see if your dependencies have had security updates, and update the package accordingly.

References

• Recommendation for Key Management Part 3: Application-Specific Key Management Guidance
• NIST Policy on Hash Functions
• Secure Hash Standards