The UK Hydrographic Office (UKHO) supplies hydrographic information to protect lives at sea. Maintaining the confidentiality, integrity and availability of our services is paramount.
If you discover a security vulnerability or have security concerns about this project, please report them responsibly by emailing us at:
To help us address the issue quickly and effectively, please include the following information in your security report:
- A clear description of the potential security issue
- Steps to reproduce the vulnerability (if applicable)
- The potential impact of the vulnerability
- Any suggested remediation steps
- Your contact information for follow-up questions
- Acknowledgment: We will acknowledge receipt of your report within 1 business day
- Assessment: We will assess the severity and impact of the reported issue
- Updates: We will provide regular updates on our progress in addressing the issue
- Resolution: We will work to resolve confirmed security issues in a timely manner
- Credit: With your permission, we will acknowledge your responsible disclosure
When contributing to this project, please follow these security guidelines:
- Keep dependencies up to date
- Follow secure coding practices
- Avoid hardcoding sensitive information (secrets, passwords, API keys)
- Validate and sanitize all inputs
- Follow the principle of least privilege for access controls
- Regularly review and audit permissions
- Use secure communication protocols (HTTPS, TLS)
- Implement proper authentication and authorization mechanisms
This project uses various security tools including:
- Snyk for vulnerability scanning
- Regular dependency audits
Note: This security policy is subject to change. Please check this document regularly for updates.