From ffadfeaca102fe072bb10a9531e689b99613cfe4 Mon Sep 17 00:00:00 2001 From: Christoffer Hansen Date: Sun, 24 Mar 2024 00:20:58 +0100 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..88e9a8f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,39 @@ +# Security Policy + +## Supported Versions + +Use of supported versions is highly encouraged. Only the following versions of GoAddons are currently being supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| 1.0.0 | :white_check_mark: | +| < 1.0.0 | :x: | + +## Reporting a Vulnerability + +The safety and security of our project and its community are of utmost importance to us. If you believe you have found a security vulnerability in GoAddons, we encourage you to report it to us as soon as possible. Please follow the guidelines below to report a vulnerability. + +### How to Report a Vulnerability + +1. **Confidentiality**: To ensure the security of our project, please keep the vulnerability confidential until we've had the opportunity to address it. Do not disclose it publicly or to any third parties. + +2. **Contact**: Send your vulnerability report via email to chris.hansen.ch@outlook.com. + +3. **Information to Include**: Provide as much information as possible about the vulnerability, including: + - The version(s) affected. + - A description of the vulnerability and its potential impact. + - Steps to reproduce or proof-of-concept (if possible, within the bounds of responsible disclosure). + +### What to Expect After Reporting + +- **Acknowledgment**: We aim to acknowledge receipt of your vulnerability report within 48 hours. + +- **Communication**: Our security team will review your report and may contact you for further information. We'll keep you informed of our progress as we investigate and address the issue. + +- **Resolution**: Once the vulnerability has been evaluated and confirmed, we will work diligently to develop a fix and release a security update. We'll notify you when the security update is available. + +- **Disclosure**: After the vulnerability has been addressed, we will coordinate with you to determine the best way to publicly disclose the vulnerability responsibly. 
+ +We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions. + +---
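Review bot: The Contact step under "How to Report a Vulnerability" names a personal mailbox as the only reporting channel, so reports containing reproduction steps or a proof-of-concept travel as plaintext email to one person, while the "Communication" bullet speaks of "Our security team". Consider adding a private channel, such as GitHub private vulnerability reporting if the repository is hosted there, or publishing a PGP key next to the address, and align the wording with who actually triages reports. In the Supported Versions table, the rows `1.0.0` and `< 1.0.0` leave any later release unclassified; `1.0.x` or `>= 1.0.0` would remain correct after the first security update ships. The 48-hour acknowledgment is the only time commitment in the policy; a target window for the fix and for coordinated disclosure would tell reporters how long the confidentiality request in step 1 is expected to last. The trailing `---` on the last added line renders as a stray horizontal rule at the end of the file and can be dropped.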