Skip to content

Commit

Permalink
[ADD] SECURITY.md
Browse files Browse the repository at this point in the history
  • Loading branch information
Plaenkler authored Aug 14, 2023
1 parent 3dfda89 commit c91c0c2
Showing 1 changed file with 45 additions and 0 deletions.
45 changes: 45 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Security Policy

## Supported Versions

Only the latest version is supported. Explanatory diagram:

| Version | Supported |
| ------------ | ------------------ |
| 1.0.0 | :white_check_mark: |
| Older | :x: |

## Reporting a Vulnerability

To report a vulnerability, please follow these steps:

1. **Email**: Send an email to [[email protected]](mailto:[email protected]) with all the details regarding the vulnerability.
2. **Subject**: Use "[Booklooker Vulnerability Report]" as the subject line to help me prioritize and identify your report.
3. **Vulnerability Details**: Please provide a clear and detailed description of the vulnerability, along with the potential impact it may have.
4. **Reproducibility**: If possible, include step-by-step instructions to reproduce the vulnerability.
5. **Versions Affected**: Specify which versions of the project are affected by the vulnerability.
6. **Your Contact**: Include your name, email address, and any other contact information you wish to share.

## Response and Resolution

Once I receive the vulnerability report, I will acknowledge its receipt within 72 hours. I will conduct an initial review to validate the vulnerability and determine its severity.

If the vulnerability is accepted:

- **Fixing Process**: I will prioritize developing a patch for the vulnerability.
- **Release Timeline**: The patch will be included in the next available release within a reasonable timeframe. Please note that the release cycle might vary, but I will prioritize security fixes.
- **Credit**: If you desire, I will acknowledge your contribution and give you credit for responsibly reporting the vulnerability.

If the vulnerability is declined:

- **Reasoning**: I will provide a reason for the rejection and explain why the reported issue does not qualify as a security vulnerability.

## Security Updates

To ensure the security of Booklooker, it is crucial that all users update to the latest supported version promptly. Users of older versions that are no longer supported are strongly recommended to upgrade to a supported version to stay protected against potential security threats.

Thank you for helping me make Booklooker more secure. Your cooperation and responsible disclosure are essential to maintaining the integrity and trustworthiness of this project.

Please note that this security policy is subject to change over time, so it is advisable to check this document periodically for any updates.

Last Updated: August 14, 2023.

0 comments on commit c91c0c2

Please sign in to comment.