Create SECURITY.md #11

Merged
merged 1 commit into from
Feb 28, 2024
37 changes: 37 additions & 0 deletions SECURITY.md
@@ -0,0 +1,37 @@
# Security Policy

## Supported Versions

We are committed to maintaining the security of our software. However, our resources are limited to providing security patches only for the latest combination of minor and major versions of our software.

## Reporting a Vulnerability

We take the security of our software seriously. If you believe you have found a security vulnerability in our software, we encourage you to report it to us as soon as possible. Please follow these steps:

1. **Do Not Publish the Vulnerability**: Publicly disclosing a vulnerability can put the entire community at risk. We ask that you do not share or publicize an unresolved vulnerability to/with third parties.

2. **Report Confidentially**: Please email us at [[email protected]](mailto:[email protected]) with the details of the vulnerability. The report should include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce or proof-of-concept (PoC).
- Any relevant screenshots or output.

3. **Response and Collaboration**: Our security team will review your report and may contact you for further information. Once the vulnerability is confirmed, we will work with you to assess and understand its impact and develop a mitigation or fix.

4. **Acknowledgment**: After the vulnerability has been resolved, we will acknowledge your contribution in our release notes, unless you prefer to remain anonymous.

## Security Patch Release Process

When a vulnerability is discovered, either through internal processes or via an external report, the following process will be followed:

1. **Vulnerability Assessment**: Our security team will assess the severity and impact of the vulnerability.

2. **Patch Development**: A patch will be developed for the latest supported version.

3. **Release and Notification**: Once the patch is ready, it will be released as part of a new version. We will notify users of the need to update through our communication channels (e.g., repository release notes).

4. **Backporting**: In exceptional cases, where a vulnerability has a high impact, we may consider backporting the patch to earlier versions. This decision will be made on a case-by-case basis.

Thank you for helping us keep our software secure.

---
This policy is subject to change at the discretion of the project maintainers.
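Review bot: Step 1 ("Do Not Publish the Vulnerability") asks reporters to stay silent indefinitely but the policy gives nothing back in return: no acknowledgment time, no target time to a fix, and no point at which a reporter may disclose if no patch ships. Consider adding a sentence under step 3 such as "We will acknowledge your report within N business days and agree on a disclosure date with you." Two smaller points in the same hunk: the contact address in step 2, `[[email protected]](mailto:[email protected])`, reads as a redaction placeholder rather than a real mailbox, so verify the committed file carries the actual address (or point to GitHub's private vulnerability reporting as an alternative channel); and the three `- ` bullets under step 2 are not indented beneath the numbered item, so Markdown renders them as a separate list and breaks the numbering before step 3. The "Supported Versions" section would also be easier to act on as the conventional version/supported table rather than prose alone.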