|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Supported Versions |
| 4 | + |
| 5 | +We provide security updates for specific maintained versions of SecSuite. If your version is not listed below, it is no longer supported and may not receive security fixes. |
| 6 | + |
| 7 | +| Version | Supported | |
| 8 | +| ------- | ------------------ | |
| 9 | +| main | :white_check_mark: | |
| 10 | +| 1.x | :x: | |
| 11 | + |
| 12 | +## Reporting a Vulnerability |
| 13 | + |
| 14 | +If you discover a potential security vulnerability in SecSuite, please report it privately to our security team so we can investigate and coordinate a fix before public disclosure. |
| 15 | + |
| 16 | +Preferred reporting methods: |
| 17 | + |
| 18 | +- Email: deleterious420@gmail.com |
| 19 | +- GitHub: Open a private security advisory in this repository |
| 20 | + |
| 21 | +When reporting, please include: |
| 22 | + |
| 23 | +- A clear and concise description of the vulnerability. |
| 24 | +- Steps to reproduce the issue (proof-of-concept) or a small test case. |
| 25 | +- Impact assessment (what could an attacker do). |
| 26 | +- Any mitigations you've tried or temporary workarounds. |
| 27 | +- Your contact information for follow-up. |
| 28 | + |
| 29 | +We will acknowledge receipt within 3 business days and provide a status update within 7 calendar days. If the report requires more time, we'll provide periodic updates until resolved. |
| 30 | + |
| 31 | +## Disclosure and Fix Process |
| 32 | + |
| 33 | +- Triage: We'll verify the report and determine severity. |
| 34 | +- Fix: We'll create a fix branch and include tests where appropriate. |
| 35 | +- Coordinated Disclosure: We'll work with you to coordinate a disclosure timeline and release a patched version. |
| 36 | +- Public Advisory: After release, we'll publish details of the vulnerability and the fix in a public advisory. |
| 37 | + |
| 38 | +## Policy on Public Disclosure |
| 39 | + |
| 40 | +We ask that reporters do not publicly disclose vulnerabilities until a fix is released or we agree on a disclosure timeline. |
| 41 | + |
| 42 | +If you believe the vulnerability is being actively exploited or poses an immediate threat, indicate this in your report and we will prioritize accordingly. |
| 43 | + |
| 44 | +## Thank you |
| 45 | + |
| 46 | +Thank you for helping us keep SecSuite secure. We appreciate responsible disclosure and will credit reporters who request acknowledgment. |
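Review bot: In the Supported Versions table (lines 9-10) only `main` is marked supported and `1.x` is marked unsupported, so no released version series is covered, yet line 35 promises to "release a patched version". Either name the release series that will receive fixes, or state explicitly that fixes land only on `main` and users are expected to track it. Separately, line 18 routes private reports to a single personal Gmail address while line 14 speaks of "our security team"; a project-controlled alias, or making the private GitHub advisory on line 19 the primary channel, would remove the dependency on one mailbox. The policy also offers no key or other means to encrypt a report sent by email, and no default disclosure deadline is given in lines 35 and 40 for the case where no timeline is agreed.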