diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..0decb3bb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,46 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|---------|--------------------| +| 8.x.x | :white_check_mark: | +| 7.x.x | :x: | +| 6.x.x | :x: | +| 5.x.x | :x: | +| 4.x.x | :x: | +| 3.x.x | :x: | +| 2.x.x | :x: | +| 1.x.x | :x: | +| 0.x.x | :x: | + + +## Reporting a Vulnerability + +We take the security of our software seriously. If you believe you have found a security vulnerability, please report it +to us as described below. + +**DO NOT CREATE A GITHUB ISSUE** reporting the vulnerability. + +Instead, send an email to either [techouse@gmail.com](mailto:techouse@gmail.com) or +[i.terhin@gmail.com](mailto:i.terhin@gmail.com). + +In the report, please include the following: + +- Your name and affiliation (if any). +- A description of the technical details of the vulnerabilities. It is very important to let us know how we can + reproduce your findings. +- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This + will help us evaluate your submission quickly, especially if it is a complex or creative vulnerability. +- Whether this vulnerability is public or known to third parties. If it is, please provide details. + +If you don’t get an acknowledgment from us or have heard nothing from us in a week, please contact us again. + +We will send a response indicating the next steps in handling your report. We will keep you informed about the progress +towards a fix and full announcement. + +We will not disclose your identity to the public without your permission. We strive to credit researchers in our +advisories when we release a fix, but only after getting your permission. + +We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your +contributions.