From 3375fa9c07202363669d82711a5e4e658fde0b68 Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Mon, 28 Aug 2023 11:52:54 +0200 Subject: [PATCH] update security policy --- SECURITY.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..53374cdb --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,25 @@ +# Security Policy + +I take the security of my projects seriously. If you discover any security vulnerabilities or have concerns regarding the security practices advised this repository, please reach out to me immediately. I appreciate your efforts in responsibly disclosing the issue and will make every effort to address it promptly. + +## Reporting a Vulnerability + +To report a security vulnerability, please follow these steps: + +1. Go to the **Security** tab of this repository on GitHub. +2. Click on **"Report a vulernability"**. +3. Provide a clear description of the vulnerability and its potential impact. Be as detailed as possible. +4. If applicable, include steps or a PoC (Proof of Concept) to reproduce the vulnerability. +5. Submit the report. + +Once I receive the private report notification, I will promptly investigate and assess the reported vulnerability. + +Please do not disclose any potential vulnerabilities in public repositories, issue trackers, or forums until we have had a chance to review and address the issue. + +## Scope + +This security policy applies to all the code and files within this repository and its dependencies actively maintained by me. If you encounter a security issue in a dependency that is not directly maintained by me, please follow responsible disclosure practices and report it to the respective project. + +While I strive to ensure the security of this project, please note that as an individual developer, there may be limitations on resources, response times, and mitigations. + +Thank you for your help in making this project more secure.
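Review bot: Step 2 of the "Reporting a Vulnerability" list misspells the button label as "Report a vulernability"; it should read "Report a vulnerability" so that it matches what a reporter sees in the Security tab. The opening paragraph also drops a word in "security practices advised this repository" (suggest "advised in this repository"). Beyond the wording, the policy promises to investigate "promptly" but gives no acknowledgement timeframe, and it names no fallback contact for a reporter who cannot use the private report option. Consider adding an expected response window and an alternative private channel. In the Scope section, "its dependencies actively maintained by me" is ambiguous about which dependencies are covered; listing them or linking to them would make the boundary clear.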