From 512b45a487f6af5efdbaecc61f7a2c566d7d9f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klemen=20Tu=C5=A1ar?= Date: Sat, 20 Apr 2024 10:30:23 +0100 Subject: [PATCH] :memo: add SECURITY.md --- SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..14cf0a9 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,38 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|---------|--------------------| +| 2.1.x | :white_check_mark: | +| 2.0.x | :x: | +| 1.x.x | :x: | + +## Reporting a Vulnerability + +We take the security of our software seriously. If you believe you have found a security vulnerability, please report it +to us as described below. + +**DO NOT CREATE A GITHUB ISSUE** reporting the vulnerability. + +Instead, send an email to [techouse@gmail.com](mailto:techouse@gmail.com). + +In the report, please include the following: + +- Your name and affiliation (if any). +- A description of the technical details of the vulnerabilities. It is very important to let us know how we can + reproduce your findings. +- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This + will help us evaluate your submission quickly, especially if it is a complex or creative vulnerability. +- Whether this vulnerability is public or known to third parties. If it is, please provide details. + +If you don’t get an acknowledgment from us or have heard nothing from us in a week, please contact us again. + +We will send a response indicating the next steps in handling your report. We will keep you informed about the progress +towards a fix and full announcement. + +We will not disclose your identity to the public without your permission. We strive to credit researchers in our +advisories when we release a fix, but only after getting your permission. + +We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your +contributions. \ No newline at end of file
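Review bot: In "Reporting a Vulnerability", the only reporting channel is unencrypted email to a single personal address (techouse@gmail.com), while the same section asks reporters to send reproduction details and an attack scenario. Consider adding a confidential channel next to it, for example GitHub's private vulnerability reporting for this repository or a published PGP key, so that reports do not depend on one mailbox. The section also gives a one-week window for an acknowledgment but no target for a fix or for the "full announcement"; stating an expected disclosure timeline would tell reporters what to plan for. Two smaller points: "An explanation who can exploit this vulnerability" should read "An explanation of who can exploit this vulnerability", and the file ends without a trailing newline ("\ No newline at end of file").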