FEU Tech ACES Logo

Security Policy

The Association of Civil Engineering Students (ACES) at FEU Institute of Technology takes the security of our platforms, tools, and in-house repositories seriously. As a student-run academic organization, we rely on responsible reporting from our community to help us maintain the integrity and safety of our digital infrastructure.

This document outlines which project versions receive security updates and how to report vulnerabilities responsibly.

Supported Versions

We currently provide security updates and patches primarily for the latest deployed versions of our projects.

Older branches or archived versions will not receive security updates.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have discovered a security vulnerability in:

  • The ACES Website
  • The Builders Progress Tool

please report it responsibly by contacting us directly.

Security Contact

Email: feutechaces.main@gmail.com

What to Include in Your Report

To help us investigate and resolve the issue as efficiently as possible, please include the following information:

  • A clear and detailed description of the vulnerability
  • The specific repository, system, URL, or tool where the vulnerability exists
  • Step-by-step instructions to reproduce the issue
  • Any supporting evidence (screenshots, logs, proof-of-concept code)
  • The potential impact of the vulnerability if exploited
  • Any suggested mitigation or fix (optional but appreciated)

Providing detailed information will help our team assess and resolve the issue more quickly.

Responsible Disclosure Guidelines

We kindly ask researchers and contributors to follow responsible disclosure practices:

  • Do not publicly disclose vulnerabilities before they are resolved.
  • Avoid actions that could damage systems, access unauthorized data, or disrupt services.
  • Allow reasonable time for the ACES development team to investigate and fix the issue.

Responsible disclosure helps protect our community and ensures vulnerabilities are addressed safely.

Response Process

Once a vulnerability report is received, our process will generally follow these steps:

  1. Acknowledgement
    We will acknowledge receipt of your vulnerability report within 3–5 academic days.

  2. Investigation
    The ACES Web Development Team will review and investigate the reported issue to determine its severity and potential impact.

  3. Resolution
    We will work to develop and deploy a fix as quickly as possible, based on the complexity of the vulnerability and available student resources.

Scope

This security policy applies to:

  • ACES official GitHub repositories used for internal source management
  • ACES web applications and tools
  • Systems maintained by the ACES Web Development Team

This policy does not apply to third-party services integrated into our projects.

Acknowledgements

We appreciate the efforts of students, developers, and community members who help us improve the security of our systems through responsible reporting.

Your contributions help us maintain a secure and reliable digital environment for the ACES community.

Association of Civil Engineering Students (ACES)
FEU Institute of Technology